[Secure-testing-commits] r42760 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jun 23 19:01:59 UTC 2016
Author: carnil
Date: 2016-06-23 19:01:59 +0000 (Thu, 23 Jun 2016)
New Revision: 42760
Modified:
data/CVE/list
Log:
Add new wordpress issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-23 18:56:52 UTC (rev 42759)
+++ data/CVE/list 2016-06-23 19:01:59 UTC (rev 42760)
@@ -1,3 +1,27 @@
+CVE-2016-5839 [... some less secure sanitize_file_name edge cases]
+ - wordpress 4.5.3+dfsg-1
+ NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
+CVE-2016-5838 [password change via stolen cookie]
+ - wordpress 4.5.3+dfsg-1
+ NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
+CVE-2016-5837 [unauthorized category removal from a post]
+ - wordpress 4.5.3+dfsg-1
+ NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
+CVE-2016-5836 [oEmbed denial of service]
+ - wordpress 4.5.3+dfsg-1
+ NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
+CVE-2016-5835 [revision history information disclosure]
+ - wordpress 4.5.3+dfsg-1
+ NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
+CVE-2016-5834 [XSS problem via attachment name]
+ - wordpress 4.5.3+dfsg-1
+ NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
+CVE-2016-5833 [XSS problem via attachment name]
+ - wordpress 4.5.3+dfsg-1
+ NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
+CVE-2016-5832 [redirect bypass in the customizer]
+ - wordpress 4.5.3+dfsg-1
+ NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5773 [ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize]
- php7.0 <unfixed>
- php5 <unfixed>
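Review bot: CVE-2016-5834 and CVE-2016-5833 are added with the identical description "XSS problem via attachment name", so the two entries cannot be told apart in the list; if they cover different code paths, each bracketed description should say which one it refers to. The description for CVE-2016-5839 begins with "...", which reads like a truncated copy of a longer sentence, and a self-contained phrase would be clearer. All eight new entries carry only the same release-announcement URL in NOTE, so a per-issue reference to the upstream fix would make the 4.5.3+dfsg-1 fixed version easier to verify.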