Date: Mon, 29 Jul 2013 20:23:55 -0400 (EDT) From: cve-assign@...re.org To: security@...myadmin.net Cc: cve-assign@...re.org, jlieskov@...hat.com, oss-security@...ts.openwall.com Subject: Re: CVE Request -- phpMyAdmin 18.104.22.168 and 22.214.171.124 are released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php Use CVE-2013-4995. As far as we can tell, this should be the only CVE needed for PMASA-2013-8; however, this link gives us a 404 error: "The following commits have been made on the 3.5 branch to fix this issue: 51f343b91908d1b1bacaebe6db87c3d7aa522581" >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php Use CVE-2013-4996 for the PMASA-2013-9 XSS issues that affect both 3.5.x and 4.0.x, and for the PMASA-2013-11 XSS issue. Use CVE-2013-4997 for the PMASA-2013-9 XSS issues that affect only 3.5.x. (We think this may be the first two issues, but the CVE is assigned on the basis of affected versions, not the vulnerability details.) (We didn't notice any XSS issues that affected only 4.0.x.) >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php Use CVE-2013-4998 for the path-disclosure issues affecting both 3.5.x and 4.0.x (approximately three affected files). Use CVE-2013-4999 for the path-disclosure issues affecting only version 4.0.x (approximately two affected files). Use CVE-2013-5000 for the path-disclosure issues affecting only version 3.5.x (several affected files). >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php Use CVE-2013-5001. >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php Use CVE-2013-5002. >* http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php Use CVE-2013-5003. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iQEcBAEBAgAGBQJR9wY/AAoJEGvefgSNfHMdcgUIAK7ylWgGM6Yt+qfqf+7ZWX+e VBM7/OcyPT7+GuFmE+PCsb7dVf4DAJOZBwTHx7JzabLFXhOWV+iFhxHyXzErTgmM ncDAb3ThOFUd3gjw81Wuk4O2JNehPQ/SJ5DxPWHFCyK/Ky/w/krbJ3FabDdcuP+X whbYQV8H2wIGtoZqrHuDL0kAg2/tuFGg1Kw1I7v4mraqPVWGV+sFyvE1eZmE+WlH ypDDorpLLdOjGfetRnjAVLVIMVKkQ5TZEeU8IC5HyI9m0lBk6aBNIFeoB/yCUcLP +VnIbFHdRTyThabvg84qkeD7CJROZU3HUsUZjSdo/57jXG5PP6rNakhpjfFhwbc= =efXp -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.