Re: phpmyadmin issue already fixed, how to record?

To: Thijs Kinkhorst <thijs@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: phpmyadmin issue already fixed, how to record?
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 26 Nov 2007 07:38:42 +0100
Message-id: <[🔎] 20071126063842.GA3658@galadriel.inutil.org>
In-reply-to: <[🔎] 200711241128.14340.thijs@debian.org>
References: <[🔎] 200711241128.14340.thijs@debian.org>

On Sat, Nov 24, 2007 at 11:28:12AM +0100, Thijs Kinkhorst wrote:
> Hi all,
> 
> phpMyAdmin upstream issued PMASA-2007-8: a cross site scripting issue. I've 
> uploaded the new upstream right away; etch & sarge are not affected. So the 
> status currently is that no Debian suite is still affected. There's no 
> associated CVE id.
> 
> Should I record this issue in the tracker somehow (how?), or is that not 
> necessary? 

Yes, if it's a genuine security problem is should be recorded. Like this:

CVE-2007-XXXX [phpmyadmin PMASA-2007-8]
	- phpmyadmin 4:2.11.2.2-1
        [sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
        [etch] - phpmyadmin <not-affected> (Vulnerable code not present)

Cheers,
        Moritz

Reply to:

References:
- phpmyadmin issue already fixed, how to record?
  - From: Thijs Kinkhorst <thijs@debian.org>

Prev by Date: phpmyadmin issue already fixed, how to record?
Previous by thread: phpmyadmin issue already fixed, how to record?
Index(es):
- Date
- Thread