From 9860429d04ce056f7fc566fc957bcfa30059839c Mon Sep 17 00:00:00 2001
From: Abhijith PA <abhijith@debian.org>
Date: Mon, 26 Oct 2020 10:29:54 +0530
Subject: DLA-2413-1 updated

---
 english/lts/security/2020/dla-2413.data |  4 ++--
 english/lts/security/2020/dla-2413.wml  | 17 +++++++++++++----
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/english/lts/security/2020/dla-2413.data b/english/lts/security/2020/dla-2413.data
index 6ac6eb6374d..24b0520b582 100644
--- a/english/lts/security/2020/dla-2413.data
+++ b/english/lts/security/2020/dla-2413.data
@@ -1,6 +1,6 @@
 <define-tag pagetitle>DLA-2413-1 phpmyadmin</define-tag>
-<define-tag report_date>2020-10-25</define-tag>
-<define-tag secrefs>CVE-2019-19617 CVE-2020-26934 CVE-2020-26935</define-tag>
+<define-tag report_date>2020-10-26</define-tag>
+<define-tag secrefs>CVE-2019-19617 CVE-2020-26934 CVE-2020-26935 Bug#971999 Bug#972000</define-tag>
 <define-tag packages>phpmyadmin</define-tag>
 <define-tag isvulnerable>yes</define-tag>
 <define-tag fixed>yes</define-tag>
diff --git a/english/lts/security/2020/dla-2413.wml b/english/lts/security/2020/dla-2413.wml
index 7c0bf37f99c..ae53d6e1b86 100644
--- a/english/lts/security/2020/dla-2413.wml
+++ b/english/lts/security/2020/dla-2413.wml
@@ -1,20 +1,29 @@
 <define-tag description>LTS security update</define-tag>
 <define-tag moreinfo>
-<p>Brief introduction</p>
+<p>Several vulnerabilities were found in package phpmyadmin.</p>
 
 <ul>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2019-19617">CVE-2019-19617</a>
 
-    <p>Description</p></li>
+    <p>phpMyAdmin does not escape certain Git information, related to
+    libraries/classes/Display/GitRevision.php and libraries/classes
+    /Footer.php.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2020-26934">CVE-2020-26934</a>
 
-    <p>Description</p></li>
+    <p>A vulnerability was discovered where an attacker can cause an XSS
+    attack through the transformation feature.</p>
+
+    <p>If an attacker sends a crafted link to the victim with the malicious
+    JavaScript, when the victim clicks on the link, the JavaScript will run
+    and complete the instructions made by the attacker.</p></li>
 
 <li><a href="https://security-tracker.debian.org/tracker/CVE-2020-26935">CVE-2020-26935</a>
 
-    <p>Description</p></li>
+    <p>An SQL injection vulnerability was discovered in how phpMyAdmin
+    processes SQL statements in the search feature. An attacker could use
+    this flaw to inject malicious SQL in to a query.</p></li>
 
 </ul>
 
-- 
cgit v1.2.3