Author: hertzog Date: 2014-09-25 08:17:44 +0000 (Thu, 25 Sep 2014) New Revision: 29028
Modified: data/CVE/list Log: CVE-2014-5273/CVE-2014-5274 do not apply on squeeze/wheezy Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-09-25 07:50:03 UTC (rev 29027) +++ data/CVE/list 2014-09-25 08:17:44 UTC (rev 29028) @@ -4061,10 +4061,17 @@ NOT-FOR-US: ZPanel CVE-2014-5274 (Cross-site scripting (XSS) vulnerability in the view operations page ...) - phpmyadmin 4:4.2.7.1-1 (low; bug #758536) + [wheezy] - phpmyadmin <not-affected> (vulnerable code not present) + [squeeze] - phpmyadmin <not-affected> (vulnerable code not present) NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php + NOTE: Version 3.x uses the browser-provided confirmation window and not custom HTML. CVE-2014-5273 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - phpmyadmin 4:4.2.7.1-1 (low; bug #758536) + [wheezy] - phpmyadmin <not-affected> (vulnerable code not present) + [squeeze] - phpmyadmin <not-affected> (vulnerable code not present) NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php + NOTE: Most of the affected Javascript files do not exist on version 3.3 and 3.4. + NOTE: Those that do do not contain the problematic code. CVE-2014-5268 RESERVED NOT-FOR-US: Drupal addon _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits