[Secure-testing-commits] r7940 - data/CVE

[thijs at alioth.debian.org]

Author: thijs
Date: 2008-01-16 12:50:31 +0000 (Wed, 16 Jan 2008)
New Revision: 7940

Modified:
   data/CVE/list
Log:
do some more shifting on wordpress issues, associate them with the
wordpress package, discard some irrelevant ones. Have checked none
with lenny/sid, that needs to happen still.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-16 12:43:25 UTC (rev 7939)
+++ data/CVE/list	2008-01-16 12:50:31 UTC (rev 7940)
@@ -194,22 +194,26 @@
 CVE-2008-0197 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: WP-ContactForm plugin for WordPress
 CVE-2008-0196 (Multiple directory traversal vulnerabilities in WordPress 2.0.11 and ...)
-	TODO: check
-	NOTE: poked hendry
+	- wordpress <unfixed>
+	TODO: check if testing/unstable is affected
 CVE-2008-0195 (WordPress 2.0.11 and earlier allows remote attackers to obtain ...)
-	TODO: check
+	- wordpress <unfixed> (unimportant)
+	NOTE: full path and DB structure already known on Debian
 	NOTE: poked hendry
 CVE-2008-0194 (Directory traversal vulnerability in wp-db-backup.php in WordPress ...)
+	- wordpress <unfixed>
 	TODO: check
 	NOTE: poked hendry
 CVE-2008-0193 (Cross-site scripting (XSS) vulnerability in wp-db-backup.php in ...)
-	TODO: check
+	- wordpress <unfixed>
+	TODO: check; exact affectedness needs to be verified
 	NOTE: poked hendry
 CVE-2008-0192 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 ...)
-	TODO: check
+	- wordpress 2.0.10-1
 	NOTE: poked hendry
 CVE-2008-0191 (WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...)
-	TODO: check
+	- wordpress <unfixed> (unimportant)
+	NOTE: full path and DB structure already known on Debian
 	NOTE: poked hendry
 CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: AwesomeTemplateEngine