author: William Desportes <williamdes@wdes.fr> 2020-01-11 20:50:29 +0100
committer: William Desportes <williamdes@wdes.fr> 2020-01-11 23:04:17 +0100
commit: 6e65e65e23ec39e6ac3c264364f4eddb68a46717
tree: 85818826f78df2442cab40d7c466c72647fb6de0 /data/CVE/2008.list
parent: 7e55a44ab3f99b4733aea499e520c090e959f511
Update old phpMyAdmin CVE entries
years:
- 2003 (ignored, no CVEs found)
- 2004 (4; 1 has patch links)
- 2005 (9; 3 had patch links)
- 2006 (9; 9 had patch links)
- 2007 (8; 8 had patch links)
- 2008 (10; 10 had patch links)
- 2018 (5; 5 had patch links)
- 2019 (5; 5 had patch links)
- 2020 (1; 1 has patch links)

Fixed links for: http://www.phpmyadmin.net/home_page/security/(.*).php
Diffstat (limited to 'data/CVE/2008.list')
-rw-r--r-- data/CVE/2008.list 33
1 files changed, 28 insertions, 5 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 612361a8c0..620a88c5ce 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -3732,6 +3732,9 @@ CVE-2008-5622
CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x b ...)
{DSA-1723-1}
- phpmyadmin 4:2.11.8.1-5
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2008-10/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0d4adbfc1996c7d715b0ac9fa39a2ac14d8b28ad (2.11 branch)
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/01685c90aaba943511de0496e7ecb7fe49fa765b
CVE-2008-5584 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 ...)
NOT-FOR-US: ProjectPier
CVE-2008-5583 (Cross-site request forgery (CSRF) vulnerability in index.php in Projec ...)
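Review bot: the second commit link added for CVE-2008-5621 has no branch annotation, while the first is marked "(2.11 branch)". State which branch 01685c90aaba943511de0496e7ecb7fe49fa765b is on, so that someone backporting can tell which commit applies to the 2.11.x package. The CVE-2008-4326, CVE-2008-4096 and CVE-2008-3457 entries follow the same pattern.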
@@ -5875,7 +5878,10 @@ CVE-2008-XXXX [balazar3: insecure temp file handling]
CVE-2008-4775 (Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin ...)
- phpmyadmin 4:2.11.8.1-4 (low)
[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
- NOTE: http://www.securityfocus.com/archive/1/497815
+ NOTE: https://www.securityfocus.com/archive/1/497815
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2008-9/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/625e9f2e93671f9e4a9086b8d6c8111f70ffcc3d (2.11 branch)
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/600a2ca21bc8b40742fd0a919a6b06a477548647
CVE-2008-4739 (Directory traversal vulnerability in index.php in PlugSpace 0.1, when ...)
NOT-FOR-US: PlugSpace
CVE-2008-4738 (SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remo ...)
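Review bot: the securityfocus.com line in the CVE-2008-4775 entry is switched from http to https, which the commit message does not cover; it lists only the phpmyadmin.net home_page/security links as fixed. Either mention the scheme change in the commit message or leave that line alone so the diff stays limited to the phpMyAdmin references, and check that the https URL resolves to the same archive post.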
@@ -6869,6 +6875,9 @@ CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly
CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in phpM ...)
{DSA-1675-1}
- phpmyadmin 4:2.11.8.1-3
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2008-8/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/44f9f2f8b7475c2d48c529d9bfd0ff473cd328b1 (2.11 branch)
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0d219abdcd55c11f7f629a58a2279f0839bd2acc
CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the H ...)
- viewvc 1.0.9-1 (bug #500779; unimportant)
CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on Window ...)
@@ -7620,6 +7629,9 @@ CVE-2008-4099 (PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does no
CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 all ...)
{DSA-1641-1}
- phpmyadmin 4:2.11.8.1-2 (medium)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2008-7/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f8d65ec564ada5c839be8f3f07f483cd82ce6a11 (2.11 branch)
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/64623fe9dbccff3f1ad9a54f844f91cefd07569c
CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
- smsclient <unfixed> (unimportant; bug #498901)
NOTE: script is not in use and only a suggestion for users
@@ -9080,6 +9092,9 @@ CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdm
{DSA-1641-1}
- phpmyadmin 4:2.11.8~rc1-1
NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2008-6/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a5e53c31bcbcadcb5d16cffaa3b9af181b26296 (2.11 branch)
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0bfb27fb0538f43e9c49b6a183b767c2bed1524d
CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in JnSHos ...)
NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3454 (JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass a ...)
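Review bot: in the CVE-2008-3457 entry the new reference links are placed after the existing free-text NOTE, whereas in the CVE-2008-1567 and CVE-2008-1149 entries they are placed before it. Pick one order for the whole file, for example advisory and commit links first and commentary after, so the entries read consistently.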
@@ -9693,6 +9708,9 @@ CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin bef
- phpmyadmin 4:2.11.7.1-1 (low)
NOTE: this only allows via csrf to create an empty database.
NOTE: this would take a lot of work to get it only to the 'annoying' level, let alone a DoS
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2008-5/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/13fbcf4107476dc2d53a8dde707667172f807641
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/084fd3ed16290339ee98a14d067932f638974044 (useless?)
CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ( ...)
NOT-FOR-US: Chipmunk Blog
CVE-2008-3185 (SQL injection vulnerability in index.php in Relative Real Estate Syste ...)
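Review bot: the "(useless?)" annotation on the second commit link for CVE-2008-3197 leaves an open question in the data file. Settle it before this lands: if 084fd3ed16290339ee98a14d067932f638974044 is part of the fix, say what it covers; if it is not, drop the line.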
@@ -10686,6 +10704,8 @@ CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan
CVE-2008-2960 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, ...)
- phpmyadmin 4:2.11.7~rc2-1 (unimportant)
NOTE: We haven't supported installations with register_globals enabled since a long time
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2008-4/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aa2076eedc7e3664b09681d6fe9dd019eca98647
CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...)
{DTSA-142-1}
- perl 5.10.0-11 (bug #487319; medium)
@@ -12680,8 +12700,8 @@ CVE-2008-1925 (Buffer overflow in InspIRCd before 1.1.18, when using the namesx
CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running ...)
{DSA-1557-1}
- phpmyadmin 4:2.11.5.2-1
- NOTE: PMASA-2008-3
- NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpMyAdmin/libraries/tbl_replace_fields.inc.php?r1=11211&r2=11210&pathrev=11211
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2008-3/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79fe2890d28076d9406f7032198109ecd22866a6
CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...)
NOT-FOR-US: BigAnt Messenger
CVE-2008-1913 (SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, ...)
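Review bot: the NOTE removed from the CVE-2008-1924 entry recorded the branch (QA_2_9), the file (libraries/tbl_replace_fields.inc.php) and the revision (r11211), and the replacement commit link carries none of that. Confirm that 79fe2890d28076d9406f7032198109ecd22866a6 is the same change as r11211 and add a branch annotation in the style used elsewhere in this file, since the entry is about a fix in 2.11.5.2 while the old link pointed at QA_2_9.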
@@ -13560,7 +13580,8 @@ CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a
CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) passw ...)
{DSA-1557-1}
- phpmyadmin 2.11.5.1
- NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2008-2/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/533bb88e32aafc17e754e5ea5e26e9b02b306993
NOTE: It is a workaround for the limited security that PHP has for
NOTE: session files on a shared host. This limitation is documented with
NOTE: PHP, warned against and not a specific vulnerability in phpMyAdmin.
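Review bot: the reference removed from the CVE-2008-1567 entry used the form home_page/security.php?issue=PMASA-2008-2, which the pattern quoted in the commit message (home_page/security/(.*).php) does not match. Extend the commit message to name this form as well, so the link rewrite can be reproduced from the message alone.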
@@ -14510,7 +14531,9 @@ CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parame
- phpmyadmin 4:2.11.5-1 (low)
[etch] - phpmyadmin <no-dsa> (Minor issue)
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
- NOTE: PMASA-2008-1. SQL injection if you can set local cookies, which means
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2008-1/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c57b39bed91f06d574a95d8a5a091e5e59492d69
+ NOTE: SQL injection if you can set local cookies, which means
NOTE: you must be able to create pages in the same cookie domain, which seems
NOTE: rare and unwise. low priority.
CVE-2008-1148 (A certain pseudo-random number generator (PRNG) algorithm that uses AD ...)
