On Thu, 26 May 2005, Martin Pitt wrote:
> Hi!
>
> There is a number of outstanding issues which do not appear as fixed
> in the changelog:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0544
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0653
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1392
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0459
>
> These issues _might_ be fixed in 2.6.2, I did not check. Can you
> please evaluate this?

I'll check them carefully, but they are not critical.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1392
is about an install script which doesn't exist in Debian.

Discovery of the path to phpmyadmin is not a bug in Debian. Everybody knows
that Debian's phpmyadmin is located in /usr/share/phpmyadmin :)

>
> I see two fixed XSS issues in the changelog, however, there are three
> recent CANs about it; is one of these issues still unfixed? Maybe you
> can add their CAN numbers to the changelog in your next upload? That
> would make it easier to track issues automatically:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0543
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0567
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0992
>
> Since I did not confirm any vulnerability personally, I leave this to
> "important". Please upgrade it to grave if there are actually unfixed
> things.

Well, it has to be investigated... Thanks for the report.

-- 
Piotr Roszatycki, Netia SA