[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: phpmyadmin issue already fixed, how to record?



On Sat, Nov 24, 2007 at 11:28:12AM +0100, Thijs Kinkhorst wrote:
> Hi all,
> 
> phpMyAdmin upstream issued PMASA-2007-8: a cross site scripting issue. I've 
> uploaded the new upstream right away; etch & sarge are not affected. So the 
> status currently is that no Debian suite is still affected. There's no 
> associated CVE id.
> 
> Should I record this issue in the tracker somehow (how?), or is that not 
> necessary? 

Yes, if it's a genuine security problem is should be recorded. Like this:

CVE-2007-XXXX [phpmyadmin PMASA-2007-8]
	- phpmyadmin 4:2.11.2.2-1
        [sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
        [etch] - phpmyadmin <not-affected> (Vulnerable code not present)

Cheers,
        Moritz



Reply to: