[Secure-testing-commits] r28116 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Aug 7 04:44:23 UTC 2014


Author: carnil
Date: 2014-08-07 04:44:23 +0000 (Thu, 07 Aug 2014)
New Revision: 28116

Modified:
   data/CVE/list
Log:
Add temporary items for not yet CVEified issues in wordpress and drupal

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-08-07 00:21:11 UTC (rev 28115)
+++ data/CVE/list	2014-08-07 04:44:23 UTC (rev 28116)
@@ -1,3 +1,23 @@
+CVE-2014-XXXX [cross-site scripting]
+	- wordpress <unfixed>
+	NOTE: XSS: https://core.trac.wordpress.org/changeset/29398
+	TODO: check
+CVE-2014-XXXX [protections against brute attacks against CSRF tokens]
+	- wordpress <unfixed>
+	NOTE: https://core.trac.wordpress.org/changeset/29384
+	NOTE: https://core.trac.wordpress.org/changeset/29408
+	TODO: check
+CVE-2014-XXXX [unsafe serialization vulnerability]
+	- wordpress <unfixed>
+	NOTE: https://core.trac.wordpress.org/changeset/29389 
+	TODO: check
+CVE-2014-XXXX [XML entity expansion attack related to xmlrpc.php]
+	- wordpress <unfixed>
+	NOTE: https://core.trac.wordpress.org/changeset/29405/branches/3.9
+	- drupal7 <unfixed>
+	- drupal6 <removed>
+	NOTE: https://www.drupal.org/SA-CORE-2014-004
+	TODO: check
 CVE-2014-XXXX [vulnerabilities in Keystone revocation events]
 	- keystone <unfixed>
 	[wheezy] - keystone <not-affected> (Affects 2014.1 versions up to 2014.1.1)
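Review bot: The second new entry's description, "[protections against brute attacks against CSRF tokens]", names the fix rather than the flaw and drops a word ("brute force"); describing the issue itself, for example "[CSRF tokens susceptible to brute force]", would match the style of the other three descriptions. The NOTE line for changeset 29389 also carries a trailing space after the URL, and the first entry's "NOTE: XSS: https://..." repeats what the bracketed description already says, where the other entries give the bare URL. Because the XML entity expansion entry tracks wordpress, drupal7 and drupal6 under one placeholder, it will need splitting if separate CVE ids are assigned per project, which is worth stating in the TODO rather than a bare "check".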
@@ -7797,6 +7817,9 @@
 	[squeeze] - php-getid3 <not-affected> (Vulnerable code not present)
 	NOTE: owncloud advisory does not mention details for GetID3
 	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
+	- wordpress <undetermined>
+	NOTE: https://core.trac.wordpress.org/changeset/29390 
+	TODO: check if relevant for wordpress in Debian
 CVE-2014-2052
 	RESERVED
 	- owncloud 6.0.2+dfsg-1
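Review bot: The added "- wordpress <undetermined>" line is justified only by a bare changeset URL, so a reader of this entry cannot tell why wordpress belongs under an issue whose surrounding notes concern php-getid3 and owncloud. A few words on the NOTE saying what changeset 29390 touches would make the TODO actionable. The same NOTE line has a trailing space after the URL.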



