Re: phpmyadmin issue already fixed, how to record?
On Sat, Nov 24, 2007 at 11:28:12AM +0100, Thijs Kinkhorst wrote:
> Hi all,
>
> phpMyAdmin upstream issued PMASA-2007-8: a cross site scripting issue. I've
> uploaded the new upstream right away; etch & sarge are not affected. So the
> status currently is that no Debian suite is still affected. There's no
> associated CVE id.
>
> Should I record this issue in the tracker somehow (how?), or is that not
> necessary?
Yes, if it's a genuine security problem is should be recorded. Like this:
CVE-2007-XXXX [phpmyadmin PMASA-2007-8]
- phpmyadmin 4:2.11.2.2-1
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
Cheers,
Moritz
Reply to: