List: oss-security
Subject: Re: [oss-security] Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released
From: Jan Lieskovsky <jlieskov () redhat ! com>
Date: 2013-07-30 9:39:51
Message-ID: 114727289.8753339.1375177191187.JavaMail.root () redhat ! com
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php
>
> Use CVE-2013-4995.
>
> As far as we can tell, this should be the only CVE needed for
> PMASA-2013-8; however, this link gives us a 404 error:
>
> "The following commits have been made on the 3.5 branch to
> fix this issue: 51f343b91908d1b1bacaebe6db87c3d7aa522581"
The proper link wrt the PMASA-2013-8 fix in phpMyAdmin v3.5.x seems to be
the following:
https://github.com/phpmyadmin/phpmyadmin/commit/01d35b3558e47fba947719857bd71f6fd9e5dce8
>
>
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php
>
> Use CVE-2013-4996 for the PMASA-2013-9 XSS issues that affect both
> 3.5.x and 4.0.x, and for the PMASA-2013-11 XSS issue.
>
> Use CVE-2013-4997 for the PMASA-2013-9 XSS issues that affect only
> 3.5.x. (We think this may be the first two issues, but the CVE is
> assigned on the basis of affected versions, not the vulnerability
> details.)
>
> (We didn't notice any XSS issues that affected only 4.0.x.)
>
>
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php
>
> Use CVE-2013-4998 for the path-disclosure issues affecting both 3.5.x
> and 4.0.x (approximately three affected files).
>
> Use CVE-2013-4999 for the path-disclosure issues affecting only
> version 4.0.x (approximately two affected files).
>
> Use CVE-2013-5000 for the path-disclosure issues affecting only
> version 3.5.x (several affected files).
>
>
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php
>
> Use CVE-2013-5001.
>
>
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php
>
> Use CVE-2013-5002.
>
>
> >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php
>
> Use CVE-2013-5003.
Thank you for the CVE ids.
Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
>
> - --
> CVE assignment team, MITRE CVE Numbering Authority
> M/S M300
> 202 Burlington Road, Bedford, MA 01730 USA
> [ PGP key available through http://cve.mitre.org/cve/request_id.html ]