[Secure-testing-commits] r44475 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Sep 10 08:08:28 UTC 2016


Author: carnil
Date: 2016-09-10 08:08:28 +0000 (Sat, 10 Sep 2016)
New Revision: 44475

Modified:
   data/CVE/list
Log:
Add changeset for CVE-2016-689{6,7}/wordpress

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-10 06:31:31 UTC (rev 44474)
+++ data/CVE/list	2016-09-10 08:08:28 UTC (rev 44475)
@@ -880,18 +880,18 @@
 	[wheezy] - lshell <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ghantoos/lshell/issues/149
 	NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15
-CVE-2016-6897
+CVE-2016-6897 [CSRF]
 	RESERVED
 	- wordpress 4.6.1+dfsg-1 (bug #837090)
 	NOTE: http://seclists.org/oss-sec/2016/q3/347
 	NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
-	TODO: check older versions
-CVE-2016-6896
+	NOTE: https://core.trac.wordpress.org/changeset/38168
+CVE-2016-6896 [directory traversal vulnerability]
 	RESERVED
 	- wordpress 4.6.1+dfsg-1 (bug #837090)
 	NOTE: http://seclists.org/oss-sec/2016/q3/347
 	NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
-	TODO: check older versions
+	NOTE: https://core.trac.wordpress.org/changeset/38168
 CVE-2016-6893 (Cross-site request forgery (CSRF) vulnerability in the user options ...)
 	{DLA-608-1}
 	- mailman <unfixed> (bug #835970)




More information about the Secure-testing-commits mailing list