[Secure-testing-commits] r49480 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Mar 7 11:08:15 UTC 2017
Author: jmm
Date: 2017-03-07 11:08:15 +0000 (Tue, 07 Mar 2017)
New Revision: 49480
Modified:
data/CVE/list
Log:
fill in wordpress details
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-07 11:05:33 UTC (rev 49479)
+++ data/CVE/list 2017-03-07 11:08:15 UTC (rev 49480)
@@ -1,6 +1,32 @@
-CVE-2017-XXXX [six new wordpress issues]
- - wordpress <unfixed>
+CVE-2017-XXXX [Cross-site scripting (XSS) via media file metadata]
+ - wordpress <unfixed> (bug #857026)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
+CVE-2017-XXXX [Control characters can trick redirect URL validation]
+ - wordpress <unfixed> (bug #857026)
+ NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
+CVE-2017-XXXX [Unintended files can be deleted by administrators using the plugin deletion functionality]
+ - wordpress <unfixed> (bug #857026)
+ [jessie] - wordpress <not-affected> (Only affects 4.7.x)
+ [wheezy] - wordpress <not-affected> (Only affects 4.7.x)
+ NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
+CVE-2017-XXXX [Cross-site scripting (XSS) via video URL in YouTube embeds]
+ - wordpress <unfixed> (bug #857026)
+ NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
+CVE-2017-XXXX [Cross-site scripting (XSS) via taxonomy term names]
+ - wordpress <unfixed> (bug #857026)
+ [jessie] - wordpress <not-affected> (Only affects 4.7.x)
+ [wheezy] - wordpress <not-affected> (Only affects 4.7.x)
+ NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+CVE-2017-XXXX [Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources]
+ - wordpress <unfixed> (bug #857026)
+ [jessie] - wordpress <not-affected> (Only affects 4.2 and later)
+ [wheezy] - wordpress <not-affected> (Only affects 4.2 and later)
+ NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
CVE-2017-6506
RESERVED
CVE-2017-6505 [usb: an infinite loop issue in ohci_service_ed_list]
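Review bot: The "Cross-site scripting (XSS) via taxonomy term names" entry is the only one of the six new entries without a NOTE pointing at an upstream fix commit; the other five each cite a github.com/WordPress/WordPress commit next to the release announcement. If the fixing commit is known, add it as a NOTE there, otherwise add a TODO so the gap stays visible for whoever backports. The not-affected lines for jessie and wheezy give a version range ("Only affects 4.7.x", "Only affects 4.2 and later") but no reference for how that range was determined; a NOTE naming the commit or release that introduced the affected code would make those triage decisions checkable.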