diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-08 22:57:43 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-08 22:57:43 +0100 |
commit | d41ecc95bbd34e9a3039108325fd8a38ad210986 (patch) | |
tree | 76bc452248b8edaa98870efb3a848990fec4da7a /data | |
parent | 91c3e7080d85a8f47092773e372da05e62e5f5d1 (diff) |
Revert "Update old CVEs for phpmyadmin"
The vulnerablities are not just not affected because they are not
present in any supported suites.
The fixing version needs either to be pin-pointed or the entries
otherwise keept as they are now.
This reverts commit 7b2a44081ee909fbc5d69a7aa8257a7ab1b5de27.
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2005.list | 6 | ||||
-rw-r--r-- | data/CVE/2006.list | 2 | ||||
-rw-r--r-- | data/CVE/2007.list | 3 |
3 files changed, 6 insertions, 5 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 3a51825bab..1033c03948 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -1251,8 +1251,8 @@ CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenB - linux-2.6 2.6.18-3 CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 an ...) NOT-FOR-US: WBEM Services -CVE-2005-4349 (SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7 ...) - - phpmyadmin <not-affected> (vulnerable code is not present) +CVE-2005-4349 + - phpmyadmin <unfixed> (unimportant) NOTE: Only for authenticated used, will possibly be rejected CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidr ...) {DSA-939-1} @@ -2885,7 +2885,7 @@ CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SAT [sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs) - linux-2.6 2.6.14-7 CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain t ...) - - phpmyadmin <not-affected> (vulnerable code is not present) + - phpmyadmin <unfixed> (unimportant) CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 2.0.2 patc ...) NOT-FOR-US: VMware ESX CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface f ...) diff --git a/data/CVE/2006.list b/data/CVE/2006.list index ca4a78088e..fc416f094f 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -2011,7 +2011,7 @@ CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 a [etch] - phpmyadmin <not-affected> (not exploitable with Etch's php versions) NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+ CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive infor ...) - - phpmyadmin <not-affected> (vulnerable code is not present) + - phpmyadmin <unfixed> (unimportant) NOTE: path is known in Debian anyway CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...) NOT-FOR-US: JAB Guest Book diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 9006aafb51..fb3b5cee72 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -5877,7 +5877,8 @@ CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SC CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 a ...) NOT-FOR-US: Storesprite CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10 ...) - - phpmyadmin <not-affected> (vulnerable code is not present) + - phpmyadmin <unfixed> (unimportant) + [sarge] - phpmyadmin <not-affected> NOTE: It seems that this requires knowledge of a unguessable session token. NOTE: Confirmed by upstream. Sarge is not affected at all. CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail ...) |