[Secure-testing-team] Re: phpMyAdmin security vulnerabilities for
sarge
Neil McGovern
neilm at debian.org
Mon Dec 11 23:21:53 CET 2006
On Mon, Dec 11, 2006 at 04:39:09PM +0100, Thijs Kinkhorst wrote:
> Hi all,
>
> I wrote the following a couple of months back...
>
> On Thu, 2006-08-03 at 13:22 +0200, Thijs Kinkhorst wrote:
> > > CVE-2006-1803 Cross-site scripting (XSS) vulnerability in sql.php
> > in phpMyAdmin ...
> >
> > Can not reproduce and [is] suggested to be a false duplicate of
> > CVE-2006-1804. I'm considering this one to be not vulnerable in sarge.
>
> This is still marked as 'vulnerable' in the security tracker for
> phpmyadmin. I think that can be updated.
>
> I'm working on the other open issues.
>
Updated.
Thanks,
Neil
--
<mooch> If stockhom sees my banana, he will want to eat it
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20061211/5638210c/attachment.pgp
More information about the Secure-testing-team
mailing list