[Secure-testing-commits] r12590 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Fri Aug 14 14:51:42 UTC 2009
Author: derevko-guest
Date: 2009-08-14 14:51:41 +0000 (Fri, 14 Aug 2009)
New Revision: 12590
Modified:
data/CVE/list
Log:
wordpress in etch wasn't affected by CVE-2008-0664, and patch in DSA-1601-1 introduced a regression (#491846). Added a TODO entry to remove the broken patch
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-14 09:19:39 UTC (rev 12589)
+++ data/CVE/list 2009-08-14 14:51:41 UTC (rev 12590)
@@ -22356,9 +22356,11 @@
CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, ...)
{DSA-1601-1}
- wordpress 2.3.3-1 (medium; bug #464170)
+ [etch] - wordpress <not-affected> (vulnerable code not present)
NOTE: The blog has to provide user accounts
NOTE: A crafted XML-RPC request referring to a valid user can exploit this
TODO: check if packages embedding xmlrpc share this code
+ TODO: DSA-1601-1 introduced a regression in the etch version (#491846). That patch should be removed in the next DSA.
CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in ...)
{DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
- tk8.5 8.5.0-3
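Review bot: the added "[etch] - wordpress <not-affected> (vulnerable code not present)" line sits under an entry that still carries {DSA-1601-1}, so the record now says both that a DSA covered this CVE and that etch never had the vulnerable code. The only explanation is in the new TODO, which will be deleted once the patch is removed. Consider putting the lasting facts in a NOTE instead (that the DSA-1601-1 change for this CVE was not needed in etch and caused the regression in #491846) and keeping the TODO for the action item only. The not-affected reason would also be easier to audit with a NOTE saying which etch wordpress version was checked and how the absence of the xmlrpc.php code path was established.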