[Secure-testing-commits] r44482 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-09-10 12:29:33 +0000 (Sat, 10 Sep 2016)
New Revision: 44482

Modified:
   data/CVE/list
Log:
Update information for CVE-2016-689{6,7} for jessie (and thus as well wheezy)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-10 12:08:33 UTC (rev 44481)
+++ data/CVE/list	2016-09-10 12:29:33 UTC (rev 44482)
@@ -886,12 +886,16 @@
 CVE-2016-6897 [CSRF]
 	RESERVED
 	- wordpress 4.6.1+dfsg-1 (bug #837090)
+	[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
+	[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
 	NOTE: http://seclists.org/oss-sec/2016/q3/347
 	NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
 	NOTE: https://core.trac.wordpress.org/changeset/38168
 CVE-2016-6896 [directory traversal vulnerability]
 	RESERVED
 	- wordpress 4.6.1+dfsg-1 (bug #837090)
+	[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
+	[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
 	NOTE: http://seclists.org/oss-sec/2016/q3/347
 	NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
 	NOTE: https://core.trac.wordpress.org/changeset/38168