Martin Pitt wrote:
> There is a number of outstanding issues which do not appear as fixed
> in the changelog:

But quoting from the testing security team's notes in CAN/list for each:

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0544

  - phpmyadmin 3:2.6.1-pl2-1

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0653

  - phpmyadmin 3:2.6.1-pl3-1

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1392

  NOTE: In Debian this is only part of the examples in share/doc, any admin will
  NOTE: have to modify it for his purposes anyway, so there's no security problem

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0459

  NOTE: From maintainer Piotr Roszatycki <[EMAIL PROTECTED]> :
  NOTE: I think it is not a problem on Debian as far as everybody knows the full
  NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0543

  - phpmyadmin 3:2.6.1-pl2-1

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0567

  - phpmyadmin 3:2.6.1-pl2-1

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0992

  - phpmyadmin 3:2.6.2-rc1-1

> Since I did not confirm any vulnerability personally, I leave this to
> "important". Please upgrade it to grave if there are actually unfixed
> things.

I think it's perfectly valid to leave the bug open requesting that the file with CAN-2005-1392 be fixed even if it is just an example; and/or that the path disclosure in CAN-2005-0459 be fixed and/or that these all be retroactively added to the changelog. Not as RC of course.

-- 
see shy jo