[Secure-testing-commits] r28307 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Aug 16 09:17:55 UTC 2014


Author: carnil
Date: 2014-08-16 09:17:55 +0000 (Sat, 16 Aug 2014)
New Revision: 28307

Modified:
   data/CVE/list
Log:
CVE-2014-5266 added (wordpress and drupal7)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-08-16 09:14:19 UTC (rev 28306)
+++ data/CVE/list	2014-08-16 09:17:55 UTC (rev 28307)
@@ -17,6 +17,12 @@
 	- libgcrypt11 1.5.4-1
 	- libgcrypt20 1.6.0-2
 	NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html
+CVE-2014-5266 [XML entity expansion attack related to xmlrpc.php]
+	- wordpress 3.9.2+dfsg-1 (bug #757312)
+	NOTE: https://core.trac.wordpress.org/changeset/29405/branches/3.9
+	- drupal7 7.31-1
+	- drupal6 <removed>
+	NOTE: https://www.drupal.org/SA-CORE-2014-004
 CVE-2014-5265 [XML entity expansion attack related to xmlrpc.php]
 	{DSA-3001-1 DSA-2999-1}
 	- wordpress 3.9.2+dfsg-1 (bug #757312)




More information about the Secure-testing-commits mailing list