[Secure-testing-commits] r33919 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Apr 28 20:39:52 UTC 2015


Author: carnil
Date: 2015-04-28 20:39:52 +0000 (Tue, 28 Apr 2015)
New Revision: 33919

Modified:
   data/CVE/list
Log:
Update wordpress CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-28 20:17:04 UTC (rev 33918)
+++ data/CVE/list	2015-04-28 20:39:52 UTC (rev 33919)
@@ -13,16 +13,30 @@
 	NOTE: returned error from dovecot, related to openssl bug:
 	NOTE: https://rt.openssl.org/Ticket/Display.html?id=3818&user=guest&pass=guest
 	NOTE: Possibly introduced due to http://hg.dovecot.org/dovecot-2.2/rev/09d3c9c6f0ad
-CVE-2015-XXXX [Stored XSS]
+CVE-2015-3440 [Stored XSS]
 	- wordpress 4.2.1+dfsg-1 (bug #783554)
 	NOTE: http://klikki.fi/adv/wordpress2.html
 	NOTE: https://wordpress.org/news/2015/04/wordpress-4-2-1/
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/27/4
-CVE-2015-XXXX [several vulnerabilities]
+	NOTE: http://www.openwall.com/lists/oss-security/2015/04/27/4
+	NOTE: https://core.trac.wordpress.org/changeset/32299
+CVE-2015-XXXX [Some plugins were vulnerable to an SQL injection vulnerability]
 	- wordpress 4.2+dfsg-1 (bug #783347)
 	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/26/2
-	TODO: check affected versions
+	NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2
+	NOTE: To be decided: http://www.openwall.com/lists/oss-security/2015/04/28/7
+CVE-2015-XXXX [files with invalid or unsafe names could be uploaded]
+	- wordpress 4.2+dfsg-1 (bug #783347)
+	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
+	NOTE: NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2
+	NOTE: To be decided: http://www.openwall.com/lists/oss-security/2015/04/28/7
+CVE-2015-3439 [limited cross-site scripting which could be used as part of a social engineering attack.]
+	- wordpress 4.2+dfsg-1 (bug #783347)
+	NOTE: http://codex.wordpress.org/Version_4.1.2
+	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
+CVE-2015-3438 [cross-site scriptiong vulnerability]
+	- wordpress 4.2+dfsg-1 (bug #783347)
+	NOTE: http://codex.wordpress.org/Version_4.1.2
+	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
 CVE-2015-XXXX [XEE]
 	- libxml-libxml-perl 2.0116+dfsg-2 (bug #783443)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/25/2
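
Review bot: The new "files with invalid or unsafe names could be uploaded" entry has a doubled prefix on its oss-security reference ("NOTE: NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2"). Drop the second "NOTE:" so the line matches the same reference in the SQL injection entry just above it. The description added for CVE-2015-3438 also misspells "scripting" as "scriptiong". Separately, "TODO: check affected versions" is removed, yet the four entries that replace the old "several vulnerabilities" item all carry the same fixed version, 4.2+dfsg-1 (bug #783347). If affected versions were not checked per issue, keep the TODO on the two entries still marked CVE-2015-XXXX and "To be decided".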



