[Secure-testing-commits] r34136 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri May 8 17:06:18 UTC 2015
Author: carnil
Date: 2015-05-08 17:06:18 +0000 (Fri, 08 May 2015)
New Revision: 34136
Modified:
data/CVE/list
Log:
Update notes for wordpress
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-08 17:01:02 UTC (rev 34135)
+++ data/CVE/list 2015-05-08 17:06:18 UTC (rev 34136)
@@ -27,6 +27,11 @@
[squeeze] - wordpress <not-affected> (twentyfifteen theme not present)
NOTE: https://wordpress.org/news/2015/05/wordpress-4-2-2/
NOTE: https://www.netsparker.com/cve-2015-3429-dom-xss-vulnerability-in-twenty-fifteen-wordpress-theme/
+ NOTE: The default theme twentyfifteen is not present in wheezy. Upstream has
+ NOTE: commited https://core.trac.wordpress.org/changeset/32385 though which
+ NOTE: will enericons example.html files if present. As the file was included
+ NOTE: in other popular themes and plugins maybe it should as well be included
+ NOTE: in an update for wordpress for wheezy?
CVE-2015-XXXX [V3 protocol handler vulnerable to downgrade attacks]
- zeromq3 4.0.5+dfsg-3 (bug #784366)
NOTE: https://github.com/zeromq/libzmq/issues/1273
More information about the Secure-testing-commits
mailing list