Date:      Fri, 29 Sep 2017 15:51:08 +0000 (UTC)
From:      Ryan Steinmetz <zi@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r450906 - head/security/vuxml
Message-ID:  <201709291551.v8TFp8Ea019276@repo.freebsd.org>

Author: zi
Date: Fri Sep 29 15:51:08 2017
New Revision: 450906
URL: https://svnweb.freebsd.org/changeset/ports/450906

Log:
  - Condense entries whose description is >5000 characters
  
  Approved by:	ports-secteam (with hat)

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Sep 29 15:31:32 2017	(r450905)
+++ head/security/vuxml/vuln.xml	Fri Sep 29 15:51:08 2017	(r450906)
@@ -2622,176 +2622,7 @@ Notes:
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<p>The Webkit gtk team reports:</p>
 	<blockquote cite="https://webkitgtk.org/security/WSA-2017-0006.html">;
-	  <p>CVE-2017-7006: Versions affected: WebKitGTK+ before 2.16.2.<br/>
-	    Credit to David Kohlbrenner of UC San Diego, an anonymous
-	    researcher.<br/>
-	    Impact: A malicious website may exfiltrate data cross-origin.
-	    Description: Processing maliciously crafted web content may
-	    allow cross-origin data to be exfiltrated by using SVG filters
-	    to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered.</p>
-
-	  <p>CVE-2017-7011: Versions affected: WebKitGTK+ before 2.16.3.<br/>
-	    Credit to xisigr of Tencent’s Xuanwu Lab (tencent.com).<br/>
-	    Impact: Visiting a malicious website may lead to address bar
-	    spoofing. Description: A state management issue was addressed
-	    with improved frame handling.</p>
-
-	  <p>CVE-2017-7012: Versions affected: WebKitGTK+ before 2.16.2.<br/>
-	    Credit to Apple.<br/>
-	    Impact: Processing maliciously crafted web content may lead to
-	    arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7018: Versions affected: WebKitGTK+ before 2.16.6.<br/>
-	    Credit to lokihardt of Google Project Zero.<br/>
-	    Impact: Processing maliciously crafted web content may lead to
-	    arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7019: Versions affected: WebKitGTK+ before 2.16.2.<br/>
-	    Credit to Zhiyang Zeng of Tencent Security Platform Department.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7020: Versions affected: WebKitGTK+ before 2.16.1.<br/>
-	    Credit to likemeng of Baidu Security Lab.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7030: Versions affected: WebKitGTK+ before 2.16.6.<br/>
-	    Credit to chenqin of Ant-financial Light-Year Security Lab
-	    (蚂蚁金服巴斯光年安全实验室).<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7034: Versions affected: WebKitGTK+ before 2.16.6.<br/>
-	    Credit to chenqin of Ant-financial Light-Year Security Lab
-	    (蚂蚁金服巴斯光年安全实验室).<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7037: Versions affected: WebKitGTK+ before 2.16.6.<br/>
-	    Credit to lokihardt of Google Project Zero.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7038: Versions affected: WebKitGTK+ before 2.16.2.<br/>
-	    Credit to Neil Jenkins of FastMail Pty Ltd, Egor Karbutov
-	    (@ShikariSenpai) of Digital Security and Egor Saltykov
-	    (@ansjdnakjdnajkd) of Digital Security.<br/>
-	    Impact: Processing maliciously crafted web content with
-	    DOMParser may lead to cross site scripting. Description:
-	    A logic issue existed in the handling of DOMParser. This
-	    issue was addressed with improved state management.</p>
-
-	  <p>CVE-2017-7039: Versions affected: WebKitGTK+ before 2.16.6.<br/>
-	    Credit to Ivan Fratric of Google Project Zero.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7040: Versions affected: WebKitGTK+ before 2.16.3.<br/>
-	    Credit to Ivan Fratric of Google Project Zero.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7041: Versions affected: WebKitGTK+ before 2.16.2.<br/>
-	    Credit to Ivan Fratric of Google Project Zero.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7042: Versions affected: WebKitGTK+ before 2.16.2.<br/>
-	    Credit to Ivan Fratric of Google Project Zero.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7043: Versions affected: WebKitGTK+ before 2.16.2.<br/>
-	    Credit to Ivan Fratric of Google Project Zero.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7046: Versions affected: WebKitGTK+ before 2.16.6.<br/>
-	    Credit to Ivan Fratric of Google Project Zero.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7048: Versions affected: WebKitGTK+ before 2.16.6.<br/>
-	    Credit to Ivan Fratric of Google Project Zero.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7049: Versions affected: WebKitGTK+ before 2.16.2.<br/>
-	    Credit to Ivan Fratric of Google Project Zero.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed through improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7052: Versions affected: WebKitGTK+ before 2.16.4.<br/>
-	    Credit to cc working with Trend Micro’s Zero Day Initiative.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7055: Versions affected: WebKitGTK+ before 2.16.6.<br/>
-	    Credit to The UK’s National Cyber Security Centre (NCSC).<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7056: Versions affected: WebKitGTK+ before 2.16.6.<br/>
-	    Credit to lokihardt of Google Project Zero.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7059: Versions affected: WebKitGTK+ before 2.16.3.<br/>
-	    Credit to an anonymous researcher.<br/>
-	    Impact: Processing maliciously crafted web content with
-	    DOMParser may lead to cross site scripting. Description:
-	    A logic issue existed in the handling of DOMParser. This
-	    issue was addressed with improved state management.</p>
-
-	  <p>CVE-2017-7061: Versions affected: WebKitGTK+ before 2.16.6.<br/>
-	    Credit to lokihardt of Google Project Zero.<br/>
-	    Impact: Processing maliciously crafted web content may lead
-	    to arbitrary code execution. Description: Multiple memory
-	    corruption issues were addressed with improved memory
-	    handling.</p>
-
-	  <p>CVE-2017-7064: Versions affected: WebKitGTK+ before 2.16.6.<br/>
-	    Credit to lokihardt of Google Project Zero.<br/>
-	    Impact: An application may be able to read restricted
-	    memory. Description: A memory initialization issue was
-	    addressed through improved memory handling.</p>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
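Review bot: the added line `<p>Please reference CVE/URL list for details</p>` stays inside `<blockquote cite="https://webkitgtk.org/security/WSA-2017-0006.html">`, directly under "The Webkit gtk team reports:", so the entry now presents the placeholder as a quotation from the WebKitGTK advisory. Move it outside the blockquote, or keep a one-sentence summary of the impact classes the removed text listed (arbitrary code execution from memory corruption, cross site scripting through DOMParser, address bar spoofing, cross-origin data exfiltration, restricted memory read). The removed paragraphs also gave a different fixed version per CVE, from 2.16.1 to 2.16.6, so it is worth confirming that the entry's version range, which is outside this hunk, still tells the reader which release closes all of them.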
@@ -4674,120 +4505,7 @@ maliciously crafted GET request to the Horde server.</
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
 	<blockquote cite="https://nvd.nist.gov/vuln/search/results?query=ImageMagick">;
-	  <ul>
-	    <li>CVE-2017-5506: Double free vulnerability in magick/profile.c in
-	      ImageMagick allows remote attackers to have unspecified impact via
-	      a crafted file.</li>
-	    <li>CVE-2017-5507: Memory leak in coders/mpc.c in ImageMagick before
-	      6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a
-	      denial of service (memory consumption) via vectors involving a
-	      pixel cache.</li>
-	    <li>CVE-2017-5508: Heap-based buffer overflow in the
-	      PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x
-	      before 7.0.4-3 allows remote attackers to cause a denial of
-	      service (application crash) via a crafted TIFF file.</li>
-	    <li>CVE-2017-5509: coders/psd.c in ImageMagick allows remote
-	      attackers to have unspecified impact via a crafted PSD file, which
-	      triggers an out-of-bounds write.</li>
-	    <li>CVE-2017-5510: coders/psd.c in ImageMagick allows remote
-	      attackers to have unspecified impact via a crafted PSD file, which
-	      triggers an out-of-bounds write.</li>
-	    <li>CVE-2017-5511: coders/psd.c in ImageMagick allows remote
-	      attackers to have unspecified impact by leveraging an improper
-	      cast, which triggers a heap-based buffer overflow.</li>
-	    <li>CVE-2017-6497: An issue was discovered in ImageMagick 6.9.7.
-	      A specially crafted psd file could lead to a NULL pointer
-	      dereference (thus, a DoS).</li>
-	    <li>CVE-2017-6498: An issue was discovered in ImageMagick 6.9.7.
-	      Incorrect TGA files could trigger assertion failures, thus leading
-	      to DoS.</li>
-	    <li>CVE-2017-6499: An issue was discovered in Magick++ in
-	      ImageMagick 6.9.7. A specially crafted file creating a nested
-	      exception could lead to a memory leak (thus, a DoS).</li>
-	    <li>CVE-2017-6500: An issue was discovered in ImageMagick 6.9.7.
-	      A specially crafted sun file triggers a heap-based
-	      buffer over-read.</li>
-	    <li>CVE-2017-6501: An issue was discovered in ImageMagick 6.9.7.
-	      A specially crafted xcf file could lead to a NULL pointer
-	      dereference.</li>
-	    <li>CVE-2017-6502: An issue was discovered in ImageMagick 6.9.7.
-	      A specially crafted webp file could lead to a file-descriptor
-	      leak in libmagickcore (thus, a DoS).</li>
-	    <li>CVE-2017-7275: The ReadPCXImage function in coders/pcx.c in
-	      ImageMagick 7.0.4.9 allows remote attackers to cause a denial of
-	      service (attempted large memory allocation and application crash)
-	      via a crafted file. NOTE: this vulnerability exists because of an
-	      incomplete fix for CVE-2016-8862 and CVE-2016-8866.</li>
-	    <li>CVE-2017-7606: coders/rle.c in ImageMagick 7.0.5-4 has an
-	      "outside the range of representable values of type unsigned char"
-	      undefined behavior issue, which might allow remote attackers to
-	      cause a denial of service (application crash) or possibly have
-	      unspecified other impact via a crafted image.</li>
-	    <li>CVE-2017-7619: In ImageMagick 7.0.4-9, an infinite loop can
-	      occur because of a floating-point rounding error in some of the
-	      color algorithms. This affects ModulateHSL, ModulateHCL,
-	      ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB,
-	      ModulateLCHab, and ModulateLCHuv.</li>
-	    <li>CVE-2017-7941: The ReadSGIImage function in sgi.c allows remote
-	      attackers to consume an amount of available memory via a crafted
-	      file.</li>
-	    <li>CVE-2017-7942: The ReadAVSImage function in avs.c allows remote
-	      attackers to consume an amount of available memory via a crafted
-	      file.</li>
-	    <li>CVE-2017-7943: The ReadSVGImage function in svg.c allows remote
-	      attackers to consume an amount of available memory via a crafted
-	      file.</li>
-	    <li>CVE-2017-8343: ReadAAIImage function in aai.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8344: ReadPCXImage function in pcx.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file. The
-	      ReadMNGImage function in png.c allows attackers to cause a denial
-	      of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8345: ReadMNGImage function in png.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8346: ReadMATImage function in mat.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8347: ReadMATImage function in mat.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file. </li>
-	    <li>CVE-2017-8348: ReadMATImage function in mat.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8349: ReadSFWImage function in sfw.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8350: ReadJNGImage function in png.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8351: ReadPCDImage function in pcd.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8352: ReadXWDImage function in xwd.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8353: ReadPICTImage function in pict.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8354: ReadBMPImage function in bmp.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8355: ReadMTVImage function in mtv.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8356: ReadSUNImage function in sun.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8357: ReadEPTImage function in ept.c allows attackers
-	      to cause a denial of service (memory leak) via a crafted file.</li>
-	    <li>CVE-2017-8765: The function named ReadICONImage in coders\icon.c
-	      has a memory leak vulnerability which can cause memory exhaustion
-	      via a crafted ICON file.</li>
-	    <li>CVE-2017-8830: ReadBMPImage function in bmp.c:1379 allows
-	      attackers to cause a denial of service (memory leak) via a crafted
-	      file.</li>
-	    <li>CVE-2017-9141: A crafted file could trigger an assertion failure
-	      in the ResetImageProfileIterator function in MagickCore/profile.c
-	      because of missing checks in the ReadDDSImage function in
-	      coders/dds.c.</li>
-	    <li>CVE-2017-9142: A crafted file could trigger an assertion failure
-	      in the WriteBlob function in MagickCore/blob.c because of missing
-	      checks in the ReadOneJNGImage function in coders/png.c.</li>
-	    <li>CVE-2017-9143: ReadARTImage function in coders/art.c allows
-	      attackers to cause a denial of service (memory leak) via a crafted
-	      .art file.</li>
-	    <li>CVE-2017-9144: A crafted RLE image can trigger a crash because
-	      of incorrect EOF handling in coders/rle.c.</li>
-	  </ul>
+	  <p>Please reference CVE/URL list for details</p>
 	</blockquote>
       </body>
     </description>
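Review bot: after this hunk the blockquote citing `https://nvd.nist.gov/vuln/search/results?query=ImageMagick` holds only the placeholder, and that cite is a search query rather than a fixed advisory, so a reader following it gets whatever the search returns and not the list that was removed here. Keep a short summary in its place, for example that the entry covers denial of service through memory leaks and assertion failures in the coders, heap-based buffer overflows, out-of-bounds writes in coders/psd.c and a double free in magick/profile.c, and put the "see references" sentence outside the blockquote so it does not read as quoted NVD text.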
@@ -12689,200 +12407,7 @@ maliciously crafted GET request to the Horde server.</
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>The phpMyAdmin development team reports:</p>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-57/">;
-	  <h3>Summary</h3>
-	  <p>Open redirection</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered where a user can be
-	    tricked in to following a link leading to phpMyAdmin,
-	    which after authentication redirects to another
-	    malicious site.</p>
-	  <p>The attacker must sniff the user's valid phpMyAdmin
-	    token.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be of moderate
-	    severity.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-58/">;
-	  <h3>Summary</h3>
-	  <p>Unsafe generation of blowfish secret</p>
-	  <h3>Description</h3>
-	  <p>When the user does not specify a blowfish_secret key
-	    for encrypting cookies, phpMyAdmin generates one at
-	    runtime. A vulnerability was reported where the way this
-	    value is created using a weak algorithm.</p>
-	  <p>This could allow an attacker to determine the user's
-	    blowfish_secret and potentially decrypt their
-	    cookies.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be of moderate
-	    severity.</p>
-	  <h3>Mitigation factor</h3>
-	  <p>This vulnerability only affects cookie
-	    authentication and only when a user has not
-	    defined a $cfg['blowfish_secret'] in
-	    their config.inc.php</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-59/">;
-	  <h3>Summary</h3>
-	  <p>phpinfo information leak value of sensitive
-	    (HttpOnly) cookies</p>
-	  <h3>Description</h3>
-	  <p>phpinfo (phpinfo.php) shows PHP information
-	    including values of HttpOnly cookies.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be
-	    non-critical.</p>
-	  <h3>Mitigation factor</h3>
-	  <p>phpinfo in disabled by default and needs
-	    to be enabled explicitly.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-60/">;
-	  <h3>Summary</h3>
-	  <p>Username deny rules bypass (AllowRoot &amp; Others)
-	    by using Null Byte</p>
-	  <h3>Description</h3>
-	  <p>It is possible to bypass AllowRoot restriction
-	    ($cfg['Servers'][$i]['AllowRoot']) and deny rules
-	    for username by using Null Byte in the username.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be
-	    severe.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-61/">;
-	  <h3>Summary</h3>
-	  <p>Username rule matching issues</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability in username matching for the
-	    allow/deny rules may result in wrong matches and
-	    detection of the username in the rule due to
-	    non-constant execution time.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be severe.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-62/">;
-	  <h3>Summary</h3>
-	  <p>Bypass logout timeout</p>
-	  <h3>Description</h3>
-	  <p>With a crafted request parameter value it is possible
-	    to bypass the logout timeout.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be of moderate
-	    severity.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-63/">;
-	  <h3>Summary</h3>
-	  <p>Multiple full path disclosure vulnerabilities</p>
-	  <h3>Description</h3>
-	  <p>By calling some scripts that are part of phpMyAdmin in an
-	    unexpected way, it is possible to trigger phpMyAdmin to
-	    display a PHP error message which contains the full path of
-	    the directory where phpMyAdmin is installed.  During an
-	    execution timeout in the export functionality, the errors
-	    containing the full path of the directory of phpMyAdmin is
-	    written to the export file.</p>
-	  <h3>Severity</h3>
-	  <p>We consider these vulnerability to be
-	    non-critical.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-64/">;
-	  <h3>Summary</h3>
-	  <p>Multiple XSS vulnerabilities</p>
-	  <h3>Description</h3>
-	  <p>Several XSS vulnerabilities have been reported, including
-	    an improper fix for <a href="https://www.phpmyadmin.net/security/PMASA-2016-10/">PMASA-2016-10</a>; and a weakness in a regular expression
-	    using in some JavaScript processing.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be
-	    non-critical.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-65/">;
-	  <h3>Summary</h3>
-	  <p>Multiple DOS vulnerabilities</p>
-	  <h3>Description</h3>
-	  <p>With a crafted request parameter value it is possible
-	    to initiate a denial of service attack in saved searches
-	    feature.</p>
-	  <p>With a crafted request parameter value it is possible
-	    to initiate a denial of service attack in import
-	    feature.</p>
-	  <p>An unauthenticated user can execute a denial of
-	    service attack when phpMyAdmin is running with
-	  <code>$cfg['AllowArbitraryServer']=true;</code>.</p>
-	  <h3>Severity</h3>
-	  <p>We consider these vulnerabilities to be of
-	    moderate severity.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-66/">;
-	  <h3>Summary</h3>
-	  <p>Bypass white-list protection for URL redirection</p>
-	  <h3>Description</h3>
-	  <p>Due to the limitation in URL matching, it was
-	    possible to bypass the URL white-list protection.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be of moderate
-	    severity.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-67/">;
-	  <h3>Summary</h3>
-	  <p>BBCode injection vulnerability</p>
-	  <h3>Description</h3>
-	  <p>With a crafted login request it is possible to inject
-	    BBCode in the login page.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be severe.</p>
-	  <h3>Mitigation factor</h3>
-	  <p>This exploit requires phpMyAdmin to be configured
-	    with the "cookie" auth_type; other
-	    authentication methods are not affected.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-68/">;
-	  <h3>Summary</h3>
-	  <p>DOS vulnerability in table partitioning</p>
-	  <h3>Description</h3>
-	  <p>With a very large request to table partitioning
-	    function, it is possible to invoke a Denial of Service
-	    (DOS) attack.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be of moderate
-	    severity.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-69/">;
-	  <h3>Summary</h3>
-	  <p>Multiple SQL injection vulnerabilities</p>
-	  <h3>Description</h3>
-	  <p>With a crafted username or a table name, it was possible
-	    to inject SQL statements in the tracking functionality that
-	    would run with the privileges of the control user. This
-	    gives read and write access to the tables of the
-	    configuration storage database, and if the control user has
-	    the necessary privileges, read access to some tables of the
-	    mysql database.</p>
-	  <h3>Severity</h3>
-	  <p>We consider these vulnerabilities to be serious.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-70/">;
-	  <h3>Summary</h3>
-	  <p>Incorrect serialized string parsing</p>
-	  <h3>Description</h3>
-	  <p>Due to a bug in serialized string parsing, it was
-	    possible to bypass the protection offered by
-	    PMA_safeUnserialize() function.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be severe.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-71/">;
-	  <h3>Summary</h3>
-	  <p>CSRF token not stripped from the URL</p>
-	  <h3>Description</h3>
-	  <p>When the <code>arg_separator</code> is different from its
-	    default value of <code>&amp;</code>, the token was not
-	    properly stripped from the return URL of the preference
-	    import action.</p>
-	  <h3>Severity</h3>
-	  <p>We have not yet determined a severity for this issue.</p>
-	</blockquote>
+	<p>Please reference CVE/URL list for details</p>
       </body>
     </description>
     <references>
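Review bot: this hunk removes the "The phpMyAdmin development team reports:" lead-in and every `<blockquote cite=...>` for PMASA-2016-57 through PMASA-2016-70, leaving a bare `<p>Please reference CVE/URL list for details</p>` in the body, which is inconsistent with the following hunk, where each blockquote and its `<h3>Summary</h3>` line are kept and only Description and Severity are dropped. Apply the same treatment here: keep one blockquote per advisory with its Summary line. That keeps the description short while still telling an administrator that the entry includes issues the vendor rated severe (the null byte AllowRoot bypass, BBCode injection, the PMA_safeUnserialize() bypass) and preserves the per-advisory cite URLs. The mitigation factors removed here (for example that PMASA-2016-58 applies only when `$cfg['blowfish_secret']` is unset) are triage information that the placeholder does not replace, so confirm the references section links each advisory.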
@@ -16400,409 +15925,115 @@ and CVE-2013-0155.</p>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-29/">;
 	  <h3>Summary</h3>
 	  <p>Weakness with cookie encryption</p>
-	  <h3>Description</h3>
-	  <p>A pair of vulnerabilities were found affecting the
-	    way cookies are stored.</p>
-	  <ul>
-	    <li>The decryption of the username/password is
-	      vulnerable to a padding oracle attack. The can allow
-	      an attacker who has access to a user's browser cookie
-	      file to decrypt the username and password.</li>
-	    <li>A vulnerability was found where the same
-	      initialization vector (IV) is used to hash the
-	      username and password stored in the phpMyAdmin
-	      cookie. If a user has the same password as their
-	      username, an attacker who examines the browser cookie
-	      can see that they are the but the attacker can not
-	      directly decode these values from the cookie as it is
-	      still hashed.</li>
-	  </ul>
-	  <h3>Severity</h3>
-	  <p>We consider this to be critical.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-30/">;
 	  <h3>Summary</h3>
 	  <p>Multiple XSS vulnerabilities</p>
-	  <h3>Description</h3>
-	  <p>Multiple vulnerabilities have been discovered in the
-	  following areas of phpMyAdmin:</p>
-	  <ul>
-	    <li>Zoom search: Specially crafted column content can
-	      be used to trigger an XSS attack</li>
-	    <li>GIS editor: Certain fields in the graphical GIS
-	      editor at not properly escaped and can be used to
-	      trigger an XSS attack</li>
-	    <li>Relation view</li>
-	    <li>The following Transformations:
-	    <ul>
-	      <li>Formatted</li>
-	      <li>Imagelink</li>
-	      <li>JPEG: Upload</li>
-	      <li>RegexValidation</li>
-	      <li>JPEG inline</li>
-	      <li>PNG inline</li>
-	      <li>transformation wrapper</li>
-	    </ul>
-	    </li>
-	    <li>XML export</li>
-	    <li>MediaWiki export</li>
-	    <li>Designer</li>
-	    <li>When the MySQL server is running with a
-	    specially-crafted <code>log_bin</code> directive</li>
-	    <li>Database tab</li>
-	    <li>Replication feature</li>
-	    <li>Database search</li>
-	  </ul>
-	  <h3>Severity</h3>
-	  <p>We consider these vulnerabilities to be of
-	    moderate severity.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-31/">;
 	  <h3>Summary</h3>
 	  <p>Multiple XSS vulnerabilities</p>
-	  <h3>Description</h3>
-	  <p>XSS vulnerabilities were discovered in:</p>
-	  <ul>
-	    <li>The database privilege check</li>
-	    <li>The "Remove partitioning" functionality</li>
-	  </ul>
-	  <p>Specially crafted database names can trigger the XSS
-	    attack.</p>
-	  <h3>Severity</h3>
-	  <p>We consider these vulnerabilities to be of moderate
-	    severity.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-32/">;
 	  <h3>Summary</h3>
 	  <p>PHP code injection</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was found where a specially crafted
-	    database name could be used to run arbitrary PHP
-	    commands through the array export feature</p>
-	  <h3>Severity</h3>
-	  <p>We consider these vulnerabilities to be of
-	    moderate severity.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-33/">;
 	  <h3>Summary</h3>
 	  <p>Full path disclosure</p>
-	  <h3>Description</h3>
-	  <p>A full path disclosure vulnerability was discovered
-	    where a user can trigger a particular error in the
-	    export mechanism to discover the full path of phpMyAdmin
-	    on the disk.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be
-	    non-critical.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-34/">;
 	  <h3>Summary</h3>
 	  <p>SQL injection attack</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was reported where a specially
-	    crafted database and/or table name can be used to
-	    trigger an SQL injection attack through the export
-	    functionality.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be serious</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-35/">;
 	  <h3>Summary</h3>
 	  <p>Local file exposure</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered where a user can
-	    exploit the LOAD LOCAL INFILE functionality to expose
-	    files on the server to the database system.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be serious.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-36/">;
 	  <h3>Summary</h3>
 	  <p>Local file exposure through symlinks with
 	    UploadDir</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was found where a user can
-	    specially craft a symlink on disk, to a file which
-	    phpMyAdmin is permitted to read but the user is not,
-	    which phpMyAdmin will then expose to the user.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be serious,
-	    however due to the mitigation factors the
-	    default state is not vulnerable.</p>
-	  <h3>Mitigation factor</h3>
-	  <p>1) The installation must be run with UploadDir configured
-	    (not the default) 2) The user must be able to create a
-	    symlink in the UploadDir 3) The user running the phpMyAdmin
-	    application must be able to read the file</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-37/">;
 	  <h3>Summary</h3>
 	  <p>Path traversal with SaveDir and UploadDir</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was reported with the <code>%u</code>
-	    username replacement functionality of the SaveDir and
-	    UploadDir features. When the username substitution is
-	    configured, a specially-crafted user name can be used to
-	    circumvent restrictions to traverse the file system.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be serious,
-	    however due to the mitigation factors the default
-	    state is not vulnerable.</p>
-	  <h3>Mitigation factor</h3>
-	  <p>1) A system must be configured with the %u username
-	    replacement, such as `$cfg['SaveDir'] =
-	    'SaveDir_%u';` 2) The user must be able to create a
-	    specially-crafted MySQL user, including the `/.` sequence of
-	    characters, such as `/../../`</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-38/">;
 	  <h3>Summary</h3>
 	  <p>Multiple XSS vulnerabilities</p>
-	  <h3>Description</h3>
-	  <p>Multiple XSS vulnerabilities were found in the following
-	    areas:</p>
-	  <ul>
-	    <li>Navigation pane and database/table hiding
-	      feature. A specially-crafted database name can be used
-	      to trigger an XSS attack.</li>
-	    <li>The "Tracking" feature. A specially-crafted query
-	      can be used to trigger an XSS attack.</li>
-	    <li>GIS visualization feature. </li>
-	  </ul>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be non-critical.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-39/">;
 	  <h3>Summary</h3>
 	  <p>SQL injection attack</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered in the following
-	    features where a user can execute an SQL injection
-	    attack against the account of the control user:
-	    <em>User group</em> Designer</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be serious.</p>
-	  <h3>Mitigation factor</h3>
-	  <p>The server must have a control user account created in
-	    MySQL and configured in phpMyAdmin; installations without a
-	    control user are not vulnerable.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-40/">;
 	  <h3>Summary</h3>
 	  <p>SQL injection attack</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was reported where a specially
-	    crafted database and/or table name can be used to
-	    trigger an SQL injection attack through the export
-	    functionality.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be serious</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-41/">;
 	  <h3>Summary</h3>
 	  <p>Denial of service (DOS) attack in transformation
 	    feature</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was found in the transformation feature
-	    allowing a user to trigger a denial-of-service (DOS) attack
-	    against the server.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be non-critical</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-42/">;
 	  <h3>Summary</h3>
 	  <p>SQL injection attack as control user</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered in the user interface
-	    preference feature where a user can execute an SQL injection
-	    attack against the account of the control user.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be serious.</p>
-	  <h3>Mitigation factor</h3>
-	  <p>The server must have a control user account created in
-	    MySQL and configured in phpMyAdmin; installations without a
-	    control user are not vulnerable.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-43/">;
 	  <h3>Summary</h3>
 	  <p>Unvalidated data passed to unserialize()</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was reported where some data is passed to
-	    the PHP <code>unserialize()</code> function without
-	    verification that it's valid serialized data.</p>
-	  <p>Due to how the <a href="https://secure.php.net/unserialize">PHP function</a>
-	    operates,</p>
-	  <blockquote>
-	    <p>Unserialization can result in code being loaded and
-	      executed due to object instantiation and autoloading, and
-	      a malicious user may be able to exploit this.</p>
-	  </blockquote>
-	  <p>Therefore, a malicious user may be able to manipulate the
-	    stored data in a way to exploit this weakness.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be moderately
-	    severe.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-45/">;
 	  <h3>Summary</h3>
 	  <p>DOS attack with forced persistent connections</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered where an unauthenticated
-	    user is able to execute a denial-of-service (DOS) attack by
-	    forcing persistent connections when phpMyAdmin is running
-	    with <code>$cfg['AllowArbitraryServer']=true;</code>.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be critical, although
-	    note that phpMyAdmin is not vulnerable by default.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-46/">;
 	  <h3>Summary</h3>
 	  <p>Denial of service (DOS) attack by for loops</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability has been reported where a malicious
-	    authorized user can cause a denial-of-service (DOS) attack
-	    on a server by passing large values to a loop.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this issue to be of moderate severity.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-47/">;
 	  <h3>Summary</h3>
 	  <p>IPv6 and proxy server IP-based authentication rule
 	    circumvention</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered where, under certain
-	    circumstances, it may be possible to circumvent the
-	    phpMyAdmin IP-based authentication rules.</p>
-	  <p>When phpMyAdmin is used with IPv6 in a proxy server
-	    environment, and the proxy server is in the allowed range
-	    but the attacking computer is not allowed, this
-	    vulnerability can allow the attacking computer to connect
-	    despite the IP rules.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be serious</p>
-	  <h3>Mitigation factor</h3>
-	  <p>* The phpMyAdmin installation must be running with
-	    IP-based allow/deny rules * The phpMyAdmin installation must
-	    be running behind a proxy server (or proxy servers) where
-	    the proxy server is "allowed" and the attacker is
-	    "denied" * The connection between the proxy server
-	    and phpMyAdmin must be via IPv6</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-48/">;
 	  <h3>Summary</h3>
 	  <p>Detect if user is logged in</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was reported where an attacker can
-	    determine whether a user is logged in to phpMyAdmin.</p>
-	  <p>The user's session, username, and password are not
-	    compromised by this vulnerability.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be non-critical.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-49/">;
 	  <h3>Summary</h3>
 	  <p>Bypass URL redirect protection</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered where an attacker could
-	    redirect a user to a malicious web page.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this to be of moderate severity</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-50/">;
 	  <h3>Summary</h3>
 	  <p>Referrer leak in url.php</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered where an attacker can
-	  determine the phpMyAdmin host location through the file
-	  <code>url.php</code>.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this to be of moderate severity.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-51/">;
 	  <h3>Summary</h3>
 	  <p>Reflected File Download attack</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered where an attacker may be
-	    able to trigger a user to download a specially crafted
-	    malicious SVG file.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this issue to be of moderate severity.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-52/">;
 	  <h3>Summary</h3>
 	  <p>ArbitraryServerRegexp bypass</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was reported with the
-	    <code>$cfg['ArbitraryServerRegexp']</code> configuration
-	    directive. An attacker could reuse certain cookie values in
-	    a way of bypassing the servers defined by
-	    <code>ArbitraryServerRegexp</code>.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be critical.</p>
-	  <h3>Mitigation factor</h3>
-	  <p>Only servers using
-	    `$cfg['ArbitraryServerRegexp']` are vulnerable to
-	    this attack.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-53/">;
 	  <h3>Summary</h3>
 	  <p>Denial of service (DOS) attack by changing password to a
 	    very long string</p>
-	  <h3>Description</h3>
-	  <p>An authenticated user can trigger a denial-of-service
-	    (DOS) attack by entering a very long password at the change
-	    password dialog.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be serious.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-54/">;
 	  <h3>Summary</h3>
 	  <p>Remote code execution vulnerability when run as CGI</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered where a user can execute a
-	    remote code execution attack against a server when
-	    phpMyAdmin is being run as a CGI application. Under certain
-	    server configurations, a user can pass a query string which
-	    is executed as a command-line argument by the file
-	    <code>generator_plugin.sh</code>.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be critical.</p>
-	  <h3>Mitigation factor</h3>
-	  <p>The file
-	    `/libraries/plugins/transformations/generator_plugin.sh` may
-	    be removed. Under certain server configurations, it may be
-	    sufficient to remove execute permissions for this file.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-55/">;
 	  <h3>Summary</h3>
 	  <p>Denial of service (DOS) attack with dbase extension</p>
-	  <h3>Description</h3>
-	  <p>A flaw was discovered where, under certain conditions,
-	    phpMyAdmin may not delete temporary files during the import
-	    of ESRI files.</p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be non-critical.</p>
-	  <h3>Mitigation factor</h3>
-	  <p>This vulnerability only exists when PHP is running with
-	    the dbase extension, which is not shipped by default, not
-	    available in most Linux distributions, and doesn't
-	    compile with PHP7.</p>
 	</blockquote>
 	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-56/">;
 	  <h3>Summary</h3>
 	  <p>Remote code execution vulnerability when PHP is running
 	    with dbase extension</p>
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered where phpMyAdmin can be
-	    used to trigger a remote code execution attack against
-	    certain PHP installations. </p>
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be critical.</p>
-	  <h3>Mitigation factor</h3>
-	  <p>This vulnerability only exists when PHP is running with
-	    the dbase extension, which is not shipped by default, not
-	    available in most Linux distributions, and doesn't
-	    compile with PHP7.</p>
 	</blockquote>
       </body>
     </description>
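Review bot: Removing the Mitigation factor paragraphs throughout these phpMyAdmin blockquotes drops the only text that tells an operator whether an installation is exposed and what to do about it, for example the PMASA-2016-54 note that `/libraries/plugins/transformations/generator_plugin.sh` may be removed, and the PMASA-2016-39 and PMASA-2016-42 condition that installations without a control user are not vulnerable. With Severity removed as well, PMASA-2016-39 and PMASA-2016-40 both read only "SQL injection attack", and the advisories rated critical (PMASA-2016-45, -52, -54, -56) can no longer be told apart from the non-critical ones. Consider keeping one short line per advisory that carries the severity and the precondition instead of cutting down to Summary only; the cite URLs that remain still lead to the full text.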
@@ -20782,199 +20013,7 @@ and CVE-2013-0155.</p>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
-	<p>The phpMyAdmin development team reports:</p>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-17/">;
-	  <h3>Summary</h3>
-	  <p>BBCode injection vulnerability</p>
-
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered that allows an BBCode
-	    injection to setup script in case it's not accessed on
-	    https.</p>
-
-	  <h3>Severity</h3>
-	  <p>We consider this to be non-critical.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-18/">;
-	  <h3>Summary</h3>
-	  <p>Cookie attribute injection attack</p>
-
-	  <h3>Description</h3>
-	  <p>A vulnerability was found where, under some
-	    circumstances, an attacker can inject arbitrary values
-	    in the browser cookies.</p>
-
-	  <h3>Severity</h3>
-	  <p>We consider this to be non-critical.</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-19/">;
-	  <h3>Summary</h3>
-	  <p>SQL injection attack</p>
-
-	  <h3>Description</h3>
-	  <p>A vulnerability was discovered that allows an SQL
-	    injection attack to run arbitrary commands as the
-	    control user.</p>
-
-	  <h3>Severity</h3>
-	  <p>We consider this vulnerability to be serious</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-20/">;
-	  <h3>Summary</h3>
-	  <p>XSS on table structure page</p>
-
-	  <h3>Description</h3>
-	  <p>An XSS vulnerability was discovered on the table
-	    structure page</p>
-
-	  <h3>Severity</h3>
-	  <p>We consider this to be a serious
-	    vulnerability</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-21/">;
-	  <h3>Summary</h3>
-	  <p>Multiple XSS vulnerabilities</p>
-
-	  <h3>Description</h3>
-	  <ul>
-	    <li>An XSS vulnerability was discovered on the user
-	      privileges page.</li>
-	    <li>An XSS vulnerability was discovered in the error
-	      console.</li>
-	    <li>An XSS vulnerability was discovered in the central
-	      columns feature.</li>
-	    <li>An XSS vulnerability was discovered in the query
-	      bookmarks feature.</li>
-	    <li>An XSS vulnerability was discovered in the user groups
-	      feature.</li>
-	  </ul>
-
-	  <h3>Severity</h3>
-	  <p>We consider this to be a serious vulnerability</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-22/">;
-	  <h3>Summary</h3>
-	  <p>DOS attack</p>
-
-	  <h3>Description</h3>
-	  <p>A Denial Of Service (DOS) attack was discovered in
-	    the way phpMyAdmin loads some JavaScript files.</p>
-
-	  <h3>Severity</h3>
-	  <p>We consider this to be of moderate severity</p>
-	</blockquote>
-	<blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-23/">;
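Review bot: This entry is condensed differently from the previous phpMyAdmin one: here the `<p>The phpMyAdmin development team reports:</p>` attribution and every advisory's `<blockquote cite=...>` and Summary are on `-` lines as well, while the previous hunk keeps cite and Summary as context lines. The output is truncated before the replacement lines, so what the seven remaining lines contain cannot be checked from this message; please confirm the condensed entry still carries the attribution and a cite link for each advisory from PMASA-2016-17 onward, in the same shape as the other condensed entry.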

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


