[Secure-testing-team] Re: phpMyAdmin security vulnerabilities for
sarge
Thijs Kinkhorst
thijs at debian.org
Mon Dec 11 16:39:09 CET 2006
Hi all,
I wrote the following a couple of months back...
On Thu, 2006-08-03 at 13:22 +0200, Thijs Kinkhorst wrote:
> > CVE-2006-1803 Cross-site scripting (XSS) vulnerability in sql.php
> in phpMyAdmin ...
>
> Can not reproduce and [is] suggested to be a false duplicate of
> CVE-2006-1804. I'm considering this one to be not vulnerable in sarge.
This is still marked as 'vulnerable' in the security tracker for
phpmyadmin. I think that can be updated.
I'm working on the other open issues.
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20061211/5ebba676/attachment.pgp
More information about the Secure-testing-team
mailing list