From 6e65e65e23ec39e6ac3c264364f4eddb68a46717 Mon Sep 17 00:00:00 2001
From: William Desportes <williamdes@wdes.fr>
Date: Sat, 11 Jan 2020 20:50:29 +0100
Subject: Update old phpMyAdmin CVE entries

years:
- 2003 (ignored, no CVEs found)
- 2004 (4; 1 has patch links)
- 2005 (9; 3 had patch links)
- 2006 (9; 9 had patch links)
- 2007 (8; 8 had patch links)
- 2008 (10; 10 had patch links)

- 2018 (5; 5 had patch links)
- 2019 (5; 5 had patch links)
- 2020 (1; 1 has patch links)

Fixed links for: http://www.phpmyadmin.net/home_page/security/(.*).php
---
 data/CVE/2007.list | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'data/CVE/2007.list')

diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index ced826a602..2789c3bf94 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1558,6 +1558,8 @@ CVE-2007-6100 (Cross-site scripting (XSS) vulnerability in libraries/auth/cookie
 	- phpmyadmin 4:2.11.2.2-1
 	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
 	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-8/
+	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/960064b55f68cd74969e8f0eee56da045f6ea57a
 CVE-2007-6099 (Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParato ...)
 	NOT-FOR-US: Ingate Firewall Siparator
 CVE-2007-6098 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log tru ...)
@@ -1884,6 +1886,9 @@ CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in phpM
 	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
 	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
 	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-7/
+	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/83adea5d6f79640648d3d5384c910820f1d085c3
+	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6225d4533abb0ffee0c985354326295a746cc79e
 CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11 ...)
 	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
 CVE-2007-5975 (SQL injection vulnerability in index.php in TBSource, as used in (1) T ...)
@@ -2842,6 +2847,8 @@ CVE-2007-5580 (Buffer overflow in a certain driver in Cisco Security Agent 4.5.1
 CVE-2007-5589 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
 	{DSA-1403-1}
 	- phpmyadmin 4:2.11.1.2-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-6/
+	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c32d999eb16a9e2748a834e3ad722cc4d33f7dd5
 CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when res ...)
 	NOT-FOR-US: Pligg CMS
 CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirec ...)
@@ -3291,6 +3298,8 @@ CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in
 	{DSA-1403-1}
 	- phpmyadmin 4:2.11.1.2-1 (bug #446451)
 	[sarge] - phpmyadmin <not-affected> (vulnerable script not present)
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-5/
+	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/27d5467dc3ba6e594d5e5cd291a908b48464e289
 CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alc ...)
 	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
 CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Thom ...)
@@ -10779,7 +10788,8 @@ CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when runn
 CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)
 	{DSA-1370-2 DSA-1370-1}
 	- phpmyadmin 4:2.10.1-1 (low)
-	NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-4/
+	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b4134b65a7e7ed355121b6c2db9ea6c9624509bc
 CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator  ...)
 	NOT-FOR-US: Adobe Photoshop
 CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...)
@@ -12755,6 +12765,8 @@ CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8
 	{DSA-1370-2 DSA-1370-1}
 	- phpmyadmin 4:2.10.0.2-1 (medium)
 	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-2/
+	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6215e201eb98226837954059f6c99c9aa1c55a9a
 CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...)
 	NOT-FOR-US: Flat Chat
 CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2 ...)
@@ -12934,6 +12946,8 @@ CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php i
 	{DSA-1370-2 DSA-1370-1}
 	- phpmyadmin 4:2.10.0.2-1
 	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2007-3/
+	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b81f9a364c2a2204e6acbdff5b71e6cc6daead1e
 CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u ...)
 	NOT-FOR-US: SnapGear
 CVE-2007-1323
-- 
cgit v1.2.3