[Secure-testing-commits] r48008 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Jan 13 22:03:09 UTC 2017
Author: jmm
Date: 2017-01-13 22:03:09 +0000 (Fri, 13 Jan 2017)
New Revision: 48008
Modified:
data/CVE/list
Log:
new wordpress issues
- those affected versions need a little more confirmation before
we can consider marking suites as not-affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-13 21:40:35 UTC (rev 48007)
+++ data/CVE/list 2017-01-13 22:03:09 UTC (rev 48008)
@@ -1,3 +1,19 @@
+CVE-2017-XXXX [WordPress 4.3-4.7 - Potential Remote Command Execution (RCE) in PHPMailer]
+ - wordpress <unfixed>
+CVE-2017-XXXX [WordPress 4.7 - User Information Disclosure via REST API]
+ - wordpress <unfixed>
+CVE-2017-XXXX [WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php]
+ - wordpress <unfixed>
+CVE-2017-XXXX [WordPress 4.7 - Cross-Site Request Forgery (CSRF) via Flash Upload]
+ - wordpress <unfixed>
+CVE-2017-XXXX [WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback]
+ - wordpress <unfixed>
+CVE-2017-XXXX [WordPress <= 4.7 - Post via Email Checks mail.example.com by Default]
+ - wordpress <unfixed>
+CVE-2017-XXXX [WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)]
+ - wordpress <unfixed>
+CVE-2017-XXXX [WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)]
+ - wordpress <unfixed>
CVE-2017-5356 [Irssi out of bounds read in format string]
- irssi 0.8.21-1
NOTE: https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html
More information about the Secure-testing-commits
mailing list