
List:       oss-security
Subject:    Re: [oss-security] Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released
From:       Jan Lieskovsky <jlieskov () redhat ! com>
Date:       2013-07-30 9:39:51
Message-ID: 114727289.8753339.1375177191187.JavaMail.root () redhat ! com

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php
> 
> Use CVE-2013-4995.
> 
> As far as we can tell, this should be the only CVE needed for
> PMASA-2013-8; however, this link gives us a 404 error:
> 
>   "The following commits have been made on the 3.5 branch to
>   fix this issue: 51f343b91908d1b1bacaebe6db87c3d7aa522581"

The proper link wrt the PMASA-2013-8 fix in phpMyAdmin v3.5.x seems to be
the following:
  https://github.com/phpmyadmin/phpmyadmin/commit/01d35b3558e47fba947719857bd71f6fd9e5dce8

> 
> 
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php
> 
> Use CVE-2013-4996 for the PMASA-2013-9 XSS issues that affect both
> 3.5.x and 4.0.x, and for the PMASA-2013-11 XSS issue.
> 
> Use CVE-2013-4997 for the PMASA-2013-9 XSS issues that affect only
> 3.5.x. (We think this may be the first two issues, but the CVE is
> assigned on the basis of affected versions, not the vulnerability
> details.)
> 
> (We didn't notice any XSS issues that affected only 4.0.x.)
> 
> 
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php
> 
> Use CVE-2013-4998 for the path-disclosure issues affecting both 3.5.x
> and 4.0.x (approximately three affected files).
> 
> Use CVE-2013-4999 for the path-disclosure issues affecting only
> version 4.0.x (approximately two affected files).
> 
> Use CVE-2013-5000 for the path-disclosure issues affecting only
> version 3.5.x (several affected files).
> 
> 
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php
> 
> Use CVE-2013-5001.
> 
> 
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php
> 
> Use CVE-2013-5002.
> 
> 
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php
> 
> Use CVE-2013-5003.

Thank you for the CVE ids.

Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

> 
> - --
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]