[Secure-testing-commits] r48016 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 14 06:56:49 UTC 2017
Author: carnil
Date: 2017-01-14 06:56:49 +0000 (Sat, 14 Jan 2017)
New Revision: 48016
Modified:
data/CVE/list
Log:
Add CVE Request references and notes for wordpress
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-14 04:14:28 UTC (rev 48015)
+++ data/CVE/list 2017-01-14 06:56:49 UTC (rev 48016)
@@ -1,17 +1,37 @@
CVE-2017-XXXX [WordPress 4.7 - User Information Disclosure via REST API]
- wordpress 4.7.1+dfsg-1
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8715
+ NOTE: https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
CVE-2017-XXXX [WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php]
- wordpress 4.7.1+dfsg-1
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8716
+ NOTE: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
CVE-2017-XXXX [WordPress 4.7 - Cross-Site Request Forgery (CSRF) via Flash Upload]
- wordpress 4.7.1+dfsg-1
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8717
CVE-2017-XXXX [WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback]
- wordpress 4.7.1+dfsg-1
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8718
+ NOTE: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
CVE-2017-XXXX [WordPress <= 4.7 - Post via Email Checks mail.example.com by Default]
- wordpress 4.7.1+dfsg-1
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8719
+ NOTE: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
CVE-2017-XXXX [WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)]
- wordpress 4.7.1+dfsg-1
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8720
+ NOTE: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
CVE-2017-XXXX [WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)]
- wordpress 4.7.1+dfsg-1
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8721
+ NOTE: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
CVE-2017-5356 [Irssi out of bounds read in format string]
- irssi 0.8.21-1 (low)
[jessie] - irssi <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list