[Secure-testing-commits] r32786 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Mar 11 12:40:29 UTC 2015 

Author: carnil
Date: 2015-03-11 12:40:29 +0000 (Wed, 11 Mar 2015)
New Revision: 32786

Modified:
   data/CVE/list
Log:
Mark wordpress plugins and themes as NFU

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-11 12:40:20 UTC (rev 32785)
+++ data/CVE/list	2015-03-11 12:40:29 UTC (rev 32786)
@@ -138,15 +138,15 @@
 CVE-2015-2221
 	RESERVED
 CVE-2015-2220 (Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms ...)
-	TODO: check
+	NOT-FOR-US: Ninja Forms plugin for WordPress
 CVE-2015-2219
 	RESERVED
 CVE-2015-2218 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin for WordPress
 CVE-2015-2217
 	RESERVED
 CVE-2015-2216 (SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme ...)
-	TODO: check
+	NOT-FOR-US: Photocrati theme for WordPress
 CVE-2015-2215 (Open redirect vulnerability in the Services single sign-on server ...)
 	TODO: check
 CVE-2015-2214 (NetCat 5.01 and earlier allows remote attackers to obtain the ...)
@@ -160,7 +160,7 @@
 CVE-2014-9689 (content/renderer/device_sensors/device_orientation_event_pump.cc in ...)
 	TODO: check
 CVE-2014-9688 (Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for ...)
-	TODO: check
+	NOT-FOR-US: Ninja Forms plugin for WordPress
 CVE-2011-5319 (content/renderer/device_sensors/device_motion_event_pump.cc in Google ...)
 	- chromium-browser 41.0.2272.76-1
 	[wheezy] - chromium-browser <end-of-life>
@@ -978,7 +978,7 @@
 CVE-2015-1875
 	RESERVED
 CVE-2015-1874 (Cross-site request forgery (CSRF) vulnerability in the Contact Form DB ...)
-	TODO: check
+	NOT-FOR-US: Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin for WordPress
 CVE-2015-1873
 	RESERVED
 CVE-2015-1872
@@ -4163,9 +4163,9 @@
 CVE-2015-0896
 	RESERVED
 CVE-2015-0895 (Cross-site request forgery (CSRF) vulnerability in the All In One WP ...)
-	TODO: check
+	NOT-FOR-US: All In One WP Security & Firewall plugin for WordPress
 CVE-2015-0894 (SQL injection vulnerability in the All In One WP Security & Firewall ...)
-	TODO: check
+	NOT-FOR-US: All In One WP Security & Firewall plugin for WordPress
 CVE-2015-0893 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka ...)
 	NOT-FOR-US: Maroyaka
 CVE-2015-0892 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka ...)

More information about the Secure-testing-commits mailing list