diff options
author | Abhijith PA <abhijith@debian.org> | 2020-10-26 10:29:54 +0530 |
---|---|---|
committer | Abhijith PA <abhijith@debian.org> | 2020-10-26 10:29:54 +0530 |
commit | 9860429d04ce056f7fc566fc957bcfa30059839c (patch) | |
tree | acad34d419a9b3b9af72aa2429c2f5d3f36c9fe1 | |
parent | a041587c63083f6476a25cf0882ed3113b7da4b2 (diff) |
DLA-2413-1 updated
-rw-r--r-- | english/lts/security/2020/dla-2413.data | 4 | ||||
-rw-r--r-- | english/lts/security/2020/dla-2413.wml | 17 |
2 files changed, 15 insertions, 6 deletions
diff --git a/english/lts/security/2020/dla-2413.data b/english/lts/security/2020/dla-2413.data index 6ac6eb6374d..24b0520b582 100644 --- a/english/lts/security/2020/dla-2413.data +++ b/english/lts/security/2020/dla-2413.data @@ -1,6 +1,6 @@ <define-tag pagetitle>DLA-2413-1 phpmyadmin</define-tag> -<define-tag report_date>2020-10-25</define-tag> -<define-tag secrefs>CVE-2019-19617 CVE-2020-26934 CVE-2020-26935</define-tag> +<define-tag report_date>2020-10-26</define-tag> +<define-tag secrefs>CVE-2019-19617 CVE-2020-26934 CVE-2020-26935 Bug#971999 Bug#972000</define-tag> <define-tag packages>phpmyadmin</define-tag> <define-tag isvulnerable>yes</define-tag> <define-tag fixed>yes</define-tag> diff --git a/english/lts/security/2020/dla-2413.wml b/english/lts/security/2020/dla-2413.wml index 7c0bf37f99c..ae53d6e1b86 100644 --- a/english/lts/security/2020/dla-2413.wml +++ b/english/lts/security/2020/dla-2413.wml @@ -1,20 +1,29 @@ <define-tag description>LTS security update</define-tag> <define-tag moreinfo> -<p>Brief introduction</p> +<p>Several vulnerabilities were found in package phpmyadmin.</p> <ul> <li><a href="https://security-tracker.debian.org/tracker/CVE-2019-19617">CVE-2019-19617</a> - <p>Description</p></li> + <p>phpMyAdmin does not escape certain Git information, related to + libraries/classes/Display/GitRevision.php and libraries/classes + /Footer.php.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2020-26934">CVE-2020-26934</a> - <p>Description</p></li> + <p>A vulnerability was discovered where an attacker can cause an XSS + attack through the transformation feature.</p> + + <p>If an attacker sends a crafted link to the victim with the malicious + JavaScript, when the victim clicks on the link, the JavaScript will run + and complete the instructions made by the attacker.</p></li> <li><a href="https://security-tracker.debian.org/tracker/CVE-2020-26935">CVE-2020-26935</a> - <p>Description</p></li> + <p>An SQL injection vulnerability was discovered in how phpMyAdmin + processes SQL statements in the search feature. An attacker could use + this flaw to inject malicious SQL in to a query.</p></li> </ul> |