[Secure-testing-commits] r12567 - in data: . CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Tue Aug 11 19:20:39 UTC 2009


Author: gilbert-guest
Date: 2009-08-11 19:20:39 +0000 (Tue, 11 Aug 2009)
New Revision: 12567

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
wordpress issue is an spu/ospu candidate


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-11 18:43:00 UTC (rev 12566)
+++ data/CVE/list	2009-08-11 19:20:39 UTC (rev 12567)
@@ -1,8 +1,11 @@
 CVE-2009-XXXX [wordpress password reset]
-	- wordpress <unfixed> (unimportant; bug #541102)
+	- wordpress <unfixed> (low; bug #541102)
 	[lenny] - wordpress <no-dsa> (Minor issue)
 	[etch] - wordpress <no-dsa> (Minor issue)
 	NOTE: not really a security issue in my opinion, just an annoying bug
+	NOTE: attacker can gain access to wordpress accounts, which is undesirable,
+	NOTE: but not horribly useful or bad for the rest of the system
+	NOTE: this is targeted to be fixed in stable point releases
 CVE-2009-XXXX [libxerces2-java: xml-based firewall bypass / port scanning]
 	- libxerces2-java <unfixed> (low; bug #540862)
 	[etch] - libxerces2-java <no-dsa> (minor issue)

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2009-08-11 18:43:00 UTC (rev 12566)
+++ data/ospu-candidates.txt	2009-08-11 19:20:39 UTC (rev 12567)
@@ -718,6 +718,12 @@
 
 --
 
+wordpress
+bug #541102
+notified maintainer
+
+--
+
 wyrd (CVE-2008-0806)
 bug #466382
 notified maintainer

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-08-11 18:43:00 UTC (rev 12566)
+++ data/spu-candidates.txt	2009-08-11 19:20:39 UTC (rev 12567)
@@ -196,6 +196,12 @@
 
 --
 
+wordpress
+bug #541102
+notified maintainer
+
+--
+
 xemacs21 (CVE-2008-2142)
 bug #480877
 notified maintainer




More information about the Secure-testing-commits mailing list