[Secure-testing-commits] r12661 - data/CVE
Steffen Joeris
white at alioth.debian.org
Sun Aug 23 03:33:29 UTC 2009
Author: white
Date: 2009-08-23 03:33:18 +0000 (Sun, 23 Aug 2009)
New Revision: 12661
Modified:
data/CVE/list
Log:
Some wordpress etch triaging
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-22 13:20:01 UTC (rev 12660)
+++ data/CVE/list 2009-08-23 03:33:18 UTC (rev 12661)
@@ -10024,6 +10024,7 @@
NOT-FOR-US: Novell NetWare
CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...)
- wordpress 2.3.2 (low; bug #510786; bug #513959)
+ [etch] - wordpress <no-dsa> (Minor issue)
NOTE: only the admin has manage_options capabilities by default and only editors
NOTE: have upload_files capabilities
NOTE: Only versions prior to 2.3.2 are affected according to the Debian maintainer
@@ -14997,8 +14998,7 @@
- vlc 0.8.6.h-4 (medium; bug #496265)
CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link functions in ...)
- wordpress 2.5.1-6 (low; bug #497216)
- NOTE: not so sure about etch. It contains this code but doesn't have the force-ssl
- NOTE: mechanism in the first place.
+ [etch] - wordpress <not-affected> (Does not have force-sll mechanism)
CVE-2008-3746 (neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of ...)
- neon27 0.28.2-4
- neon26 <not-affected> (Issue was introduced in 0.28)
@@ -25528,6 +25528,7 @@
NOT-FOR-US: Beehive Forum
CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash ...)
- wordpress 2.5.0-1 (low; bug #452251)
+ [etch] - wordpress <no-dsa> (Minor issue)
NOTE: if untrusted people are allowed to read the database they could still
NOTE: crack the hash with more work, so maybe this is unimportant?
CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 allows ...)
More information about the Secure-testing-commits
mailing list