[Secure-testing-commits] r7919 - data/CVE
thijs at alioth.debian.org
Mon Jan 14 19:36:43 UTC 2008
Author: thijs
Date: 2008-01-14 19:36:42 +0000 (Mon, 14 Jan 2008)
New Revision: 7919
Modified:
data/CVE/list
Log:
Do some more wordpress cleanup. Merge some temp issues into their assigned CVE
ids, add a note, mark some as not relevant to etch.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-14 19:02:01 UTC (rev 7918)
+++ data/CVE/list 2008-01-14 19:36:42 UTC (rev 7919)
@@ -343,8 +343,6 @@
NOT-FOR-US: MySpace Content Zone
CVE-2008-XXXX [splitvt fails to drop group utmp priviledges]
- splitvt 1.6.6-4
-CVE-2008-XXXX [wordpress information leak]
- - wordpress 2.3.2-1 (bug #459305)
CVE-2008-0092 (Cross-site scripting (XSS) vulnerability in index.php in the search ...)
NOT-FOR-US: Appalachian State University phpWebSite
CVE-2008-0091 (Directory traversal vulnerability in download2.php in AGENCY4NET ...)
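Review bot: The temporary entry removed at -343 is titled "wordpress information leak", but the only entry in this diff that picks up bug #459305 is CVE-2007-6318, which is described as SQL injection in wp-includes/query.php. If that is the intended merge target, a NOTE line on CVE-2007-6318 saying the information-leak report was folded in would keep the history findable; if it is a different issue, the temporary entry should stay until it has its own id.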
@@ -1306,7 +1304,8 @@
CVE-2007-6319
RESERVED
CVE-2007-6318 (SQL injection vulnerability in wp-includes/query.php in WordPress ...)
- - wordpress <unfixed> (low; bug #456277)
+ - wordpress 2.3.2-1 (low; bug #459305)
+ [etch] - wordpress <not-affected> (Vulnerable code not present)
NOTE: Patch: https://bugs.edge.launchpad.net/ubuntu/+source/wordpress/+bug/181416
CVE-2007-6317 (Multiple directory traversal vulnerabilities in BarracudaDrive Web ...)
NOT-FOR-US: BarracudaDrive
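Review bot: On the changed wordpress line for CVE-2007-6318, bug #456277 is replaced by bug #459305 rather than added to, so the original report is no longer referenced from the entry. Keep both bug numbers on the entry, or record #456277 in a NOTE. Minor: the etch reason here reads "Vulnerable code not present" while the CVE-2007-4893 hunk uses "Vulnerable code not yet introduced"; use one wording if they mean the same thing.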
@@ -2951,7 +2950,8 @@
CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows ...)
NOT-FOR-US: Conflict
CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in ...)
- - wordpress 2.3.1-1 (low)
+ - wordpress 2.3.1-1 (unimportant)
+ NOTE: requires register_globals On, which we don't support
CVE-2007-5709 (Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 ...)
NOT-FOR-US: Sony SonicStage CONNECT Player
CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...)
@@ -5665,6 +5665,7 @@
[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
CVE-2007-4893 (wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress ...)
- wordpress 2.2.3-1 (low)
+ [etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
CVE-2007-4892 (Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, ...)
NOT-FOR-US: Plesk (Windows)
CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
@@ -5968,8 +5969,6 @@
NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4765
RESERVED
-CVE-2007-XXXX [wordpress: Users without unfiltered_html capability can post arbitrary html]
- - wordpress 2.2.3-1
CVE-2007-4764 (Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 ...)
NOT-FOR-US: Pawfaliki
CVE-2007-4763 (PHP remote file inclusion vulnerability in ...)
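Review bot: The temporary entry removed at -5968 (unfiltered_html, fixed in wordpress 2.2.3-1) has no visible counterpart: no line in this diff adds its description or a cross-reference to an assigned CVE. The log says temp issues were merged into their CVE ids, so name the target id in a NOTE on that entry; otherwise the reason this entry disappeared cannot be reconstructed from the list.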
@@ -10645,6 +10644,7 @@
NOT-FOR-US: TutorialCMS
CVE-2007-2821 (SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress ...)
- wordpress 2.2-1 (high)
+ NOTE: seems present in etch even though admin-ajax.php was not shipped yet
CVE-2007-2820 (Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX ...)
NOT-FOR-US: KSign
CVE-2007-2819 (Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ ...)
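Review bot: The NOTE added to CVE-2007-2821 says the issue "seems present in etch" even though admin-ajax.php was not shipped, but it does not say which file in etch carries the vulnerable code, and the entry is rated high. Name the affected file or function in the NOTE so the etch status can be verified, and drop "seems" once it is confirmed.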
@@ -11096,6 +11096,7 @@
NOT-FOR-US: PHPSecurityAdmin
CVE-2007-2627 (Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...)
- wordpress 2.2.2-1 (low)
+ [etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-2626 (** DISPUTED ** ...)
NOT-FOR-US: SchoolBoard
CVE-2007-2625 (Cross-site scripting (XSS) vulnerability in ...)