[Secure-testing-commits] r9382 - in data: . CVE
nion at alioth.debian.org
nion at alioth.debian.org
Sun Jul 20 17:58:11 UTC 2008
Author: nion
Date: 2008-07-20 17:58:09 +0000 (Sun, 20 Jul 2008)
New Revision: 9382
Modified:
data/CVE/list
data/embedded-code-copies
Log:
wordpress doesnt use embedded tinymce copy anymore.
please only mark as not-affected if it is really not, if the code was present some time ago but is
not anymore then mark this version as the fixed one
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-07-20 17:18:47 UTC (rev 9381)
+++ data/CVE/list 2008-07-20 17:58:09 UTC (rev 9382)
@@ -41199,7 +41199,10 @@
CVE-2005-4600 (Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE ...)
- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
- moodle <not-affected> (has newer version)
- - wordpress <not-affected> (code doesn't exists anymore)
+ - wordpress 2.5.1-3
+ NOTE: this was possibly fixed before 2.5.1 in wordpress but since 2.5.1-3 wordpress
+ NOTE: uses the system copy of tinymce and the exact fixed version is not
+ NOTE: really determinably anymore
CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in ...)
TODO: check wordpress, moodle
- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2008-07-20 17:18:47 UTC (rev 9381)
+++ data/embedded-code-copies 2008-07-20 17:58:09 UTC (rev 9382)
@@ -291,7 +291,7 @@
- gosa 2.4beta1-1 (embed; bug #471200)
TinyMCE
- - wordpress <unfixed> (embed; bug #478257)
+ - wordpress 2.5.1-3 (embed; bug #478257)
- moodle <unfixed> (embed)
- knowledgeroot <unfixed> (embed)
- joomla <itp> (bug #326398)
More information about the Secure-testing-commits
mailing list