Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e65486d4 by Salvatore Bonaccorso at 2020-01-08T22:57:43+01:00
Revert "Update old CVEs for phpmyadmin"
The vulnerabilities are not just not affected because they are not
present in any supported suites.
The fixing version needs either to be pin-pointed or the entries
otherwise kept as they are now.
This reverts commit 7b2a44081ee909fbc5d69a7aa8257a7ab1b5de27.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -359647,7 +359647,8 @@ CVE-2007-4308 (The (1) aac_cfg_open and (2)
aac_compat_ioctl functions in the SC
CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in
Storesprite 7 a ...)
NOT-FOR-US: Storesprite
CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin 2.10 ...)
- - phpmyadmin <not-affected> (vulnerable code is not present)
+ - phpmyadmin <unfixed> (unimportant)
+ [sarge] - phpmyadmin <not-affected>
NOTE: It seems that this requires knowledge of a unguessable session
token.
NOTE: Confirmed by upstream. Sarge is not affected at all.
CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2)
Sysjail ...)
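Review bot: The restored "[sarge] - phpmyadmin <not-affected>" line for CVE-2007-4306 has no parenthesised reason, unlike the "[etch] - phpmyadmin <not-affected> (not exploitable with Etch's php versions)" entry further down the file. The justification currently lives only in the NOTE ("Confirmed by upstream. Sarge is not affected at all."), so a reader scanning the per-release lines cannot tell why sarge is excluded. Consider putting a short reason in parentheses on the [sarge] line itself.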
@@ -371901,7 +371902,7 @@ CVE-2006-6374 (Multiple CRLF injection
vulnerabilities in PhpMyAdmin 2.7.0-pl2 a
[etch] - phpmyadmin <not-affected> (not exploitable with Etch's php
versions)
NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain
sensitive infor ...)
- - phpmyadmin <not-affected> (vulnerable code is not present)
+ - phpmyadmin <unfixed> (unimportant)
NOTE: path is known in Debian anyway
CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in
pbguestbook.php ...)
NOT-FOR-US: JAB Guest Book
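Review bot: The "- phpmyadmin <unfixed> (unimportant)" line restored for CVE-2006-6373 leaves the entry open with nothing recording that a fixed version still has to be identified, which is the gap the commit message itself names. The existing NOTE ("path is known in Debian anyway") explains the severity but not the status. Consider adding a NOTE saying the fixing version is still to be pin-pointed, so the entry is not read as a confirmed, still-present issue in current suites.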
@@ -387486,8 +387487,8 @@ CVE-2005-4351 (The securelevels implementation in
FreeBSD 7.0 and earlier, OpenB
- linux-2.6 2.6.18-3
CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before
A.01.05.12 an ...)
NOT-FOR-US: WBEM Services
-CVE-2005-4349 (SQL injection vulnerability in server_privileges.php in
phpMyAdmin 2.7 ...)
- - phpmyadmin <not-affected> (vulnerable code is not present)
+CVE-2005-4349
+ - phpmyadmin <unfixed> (unimportant)
NOTE: Only for authenticated used, will possibly be rejected
CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as
implemented in ...)
NOT-FOR-US: IOS
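Review bot: The header line for CVE-2005-4349 loses its description in this hunk: "CVE-2005-4349 (SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7 ...)" becomes a bare "CVE-2005-4349", while every other CVE header visible here keeps its summary. That looks like a side effect of reverting the earlier commit wholesale rather than something the commit message asks for. Unless dropping the description is intended, keep the header line as it was and revert only the "- phpmyadmin" status line below it.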
@@ -389442,7 +389443,7 @@ CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4
does not check for MAY_SAT
[sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs)
- linux-2.6 2.6.14-7
CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to
obtain t ...)
- - phpmyadmin <not-affected> (vulnerable code is not present)
+ - phpmyadmin <unfixed> (unimportant)
CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before
2.0.2 patc ...)
NOT-FOR-US: VMware ESX
CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management
interface f ...)
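Review bot: CVE-2005-3622 is set back to "- phpmyadmin <unfixed> (unimportant)" with no NOTE line explaining why it is rated unimportant. The other three entries touched by this commit each carry a NOTE with the rationale ("requires knowledge of a unguessable session token", "path is known in Debian anyway", "Only for authenticated used"). Consider adding a one-line NOTE with the reason here as well, so the severity can be re-evaluated later without digging through history.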
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e65486d46c27bba823b106ec8841510512d71f3a