[Secure-testing-commits] r29028 - data/CVE

Raphaël Hertzog Thu, 25 Sep 2014 01:18:08 -0700

Author: hertzog
Date: 2014-09-25 08:17:44 +0000 (Thu, 25 Sep 2014)
New Revision: 29028


Modified:
   data/CVE/list
Log:
CVE-2014-5273/CVE-2014-5274 do not apply on squeeze/wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-09-25 07:50:03 UTC (rev 29027)
+++ data/CVE/list       2014-09-25 08:17:44 UTC (rev 29028)
@@ -4061,10 +4061,17 @@
        NOT-FOR-US: ZPanel
 CVE-2014-5274 (Cross-site scripting (XSS) vulnerability in the view operations 
page ...)
        - phpmyadmin 4:4.2.7.1-1 (low; bug #758536)
+       [wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
+       [squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
        NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
+       NOTE: Version 3.x uses the browser-provided confirmation window and not 
custom HTML.
 CVE-2014-5273 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin ...)
        - phpmyadmin 4:4.2.7.1-1 (low; bug #758536)
+       [wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
+       [squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
        NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
+       NOTE: Most of the affected Javascript files do not exist on version 3.3 
and 3.4.
+       NOTE: Those that do do not contain the problematic code.
 CVE-2014-5268
        RESERVED
        NOT-FOR-US: Drupal addon


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r29028 - data/CVE

Reply via email to