oss-sec mailing list archives
Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released
From: cve-assign () mitre org
Date: Mon, 29 Jul 2013 20:23:55 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
* http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php
Use CVE-2013-4995. As far as we can tell, this should be the only CVE needed for PMASA-2013-8; however, this link gives us a 404 error: "The following commits have been made on the 3.5 branch to fix this issue: 51f343b91908d1b1bacaebe6db87c3d7aa522581"
* http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php * http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php
Use CVE-2013-4996 for the PMASA-2013-9 XSS issues that affect both 3.5.x and 4.0.x, and for the PMASA-2013-11 XSS issue. Use CVE-2013-4997 for the PMASA-2013-9 XSS issues that affect only 3.5.x. (We think this may be the first two issues, but the CVE is assigned on the basis of affected versions, not the vulnerability details.) (We didn't notice any XSS issues that affected only 4.0.x.)
* http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php
Use CVE-2013-4998 for the path-disclosure issues affecting both 3.5.x and 4.0.x (approximately three affected files). Use CVE-2013-4999 for the path-disclosure issues affecting only version 4.0.x (approximately two affected files). Use CVE-2013-5000 for the path-disclosure issues affecting only version 3.5.x (several affected files).
* http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php
Use CVE-2013-5001.
* http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php
Use CVE-2013-5002.
* http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php
Use CVE-2013-5003. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iQEcBAEBAgAGBQJR9wY/AAoJEGvefgSNfHMdcgUIAK7ylWgGM6Yt+qfqf+7ZWX+e VBM7/OcyPT7+GuFmE+PCsb7dVf4DAJOZBwTHx7JzabLFXhOWV+iFhxHyXzErTgmM ncDAb3ThOFUd3gjw81Wuk4O2JNehPQ/SJ5DxPWHFCyK/Ky/w/krbJ3FabDdcuP+X whbYQV8H2wIGtoZqrHuDL0kAg2/tuFGg1Kw1I7v4mraqPVWGV+sFyvE1eZmE+WlH ypDDorpLLdOjGfetRnjAVLVIMVKkQ5TZEeU8IC5HyI9m0lBk6aBNIFeoB/yCUcLP +VnIbFHdRTyThabvg84qkeD7CJROZU3HUsUZjSdo/57jXG5PP6rNakhpjfFhwbc= =efXp -----END PGP SIGNATURE-----
Current thread:
- CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Jan Lieskovsky (Jul 29)
- Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released cve-assign (Jul 29)
- Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released cve-assign (Jul 29)
- Re: Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Jan Lieskovsky (Jul 30)
- Re: [Phpmyadmin-security] [oss-security] Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Dieter Adriaenssens (Jul 30)
- Re: Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Jan Lieskovsky (Jul 30)