[Secure-testing-commits] r9035 - data/CVE

thomasbl-guest at alioth.debian.org thomasbl-guest at alioth.debian.org
Wed Jun 11 17:03:56 UTC 2008


Author: thomasbl-guest
Date: 2008-06-11 17:03:55 +0000 (Wed, 11 Jun 2008)
New Revision: 9035

Modified:
   data/CVE/list
Log:
new try for 'opened bug #485807 for wordpress'



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-06-11 16:58:57 UTC (rev 9034)
+++ data/CVE/list	2008-06-11 17:03:55 UTC (rev 9035)
@@ -347,10 +347,8 @@
 CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 ...)
 	NOT-FOR-US: EntertainmentScript
 CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...)
-	- wordpress <unfixed>
-	NOTE: could not reproduce this. Anyway, wordpress security policy
-	NOTE: checks files only by extension so this should only affect misconfigured
-	NOTE: webservers. Poked wordpress upstream to get a confirmation of this vulnerability
+	- wordpress <unfixed> (low; bug #485807)
+	NOTE: seems to be fixed within wordpress-bug #7113 ?!
 CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...)
 	NOT-FOR-US: SubSonic
 CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...)
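Review bot: In the CVE-2008-2392 entry, the new line "NOTE: seems to be fixed within wordpress-bug #7113 ?!" sits under a package line that still reads "<unfixed>", so the entry does not say whether a fix exists or which version would carry it. Word the note as an open item (for example, that upstream bug #7113 still needs to be checked against this issue) and drop the "?!". The same hunk removes the three NOTE lines that were the only stated reasoning behind the new "low" urgency: the issue could not be reproduced, and files are checked only by extension, so only misconfigured webservers should be affected. Keeping a one-line NOTE with that rationale would let the next person triaging bug #485807 see why "low" was chosen.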



