I updated the merge-request https://salsa.debian.org/phpmyadmin-team/phpmyadmin/merge_requests/6 with patches for stretch of the two new PMASA-2019-{3,4}
I also updated https://salsa.debian.org/phpmyadmin-team/phpmyadmin/merge_requests/5 for jessie and PMASA-2019-4 (CVE-2019-12616) PMASA-2019-3 (CVE-2019-11768) does not affect jessie. This bug came with https://github.com/phpmyadmin/phpmyadmin/commit/e04f56a04f506c1a0a884c81c209ae2ffbf80baf in PhpMyAdmin 4.3.0alpha1 PMASA-2019-3 (CVE-2019-11768) does not yet have a debian-bug. how should this be done? by the security-team via the security-tracker? can I do this? how do i reference all the stuff? BTW: Why is jessie mentioned in the security-tracker of this CVE but not in this bug?
