[Secure-testing-commits] r49484 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Mar 7 11:46:12 UTC 2017
Author: carnil
Date: 2017-03-07 11:46:12 +0000 (Tue, 07 Mar 2017)
New Revision: 49484
Modified:
data/CVE/list
Log:
wordpress fixed in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-07 11:26:00 UTC (rev 49483)
+++ data/CVE/list 2017-03-07 11:46:12 UTC (rev 49484)
@@ -1,28 +1,28 @@
CVE-2017-XXXX [Cross-site scripting (XSS) via media file metadata]
- - wordpress <unfixed> (bug #857026)
+ - wordpress 4.7.3+dfsg-1 (bug #857026)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
CVE-2017-XXXX [Control characters can trick redirect URL validation]
- - wordpress <unfixed> (bug #857026)
+ - wordpress 4.7.3+dfsg-1 (bug #857026)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
CVE-2017-XXXX [Unintended files can be deleted by administrators using the plugin deletion functionality]
- - wordpress <unfixed> (bug #857026)
+ - wordpress 4.7.3+dfsg-1 (bug #857026)
[jessie] - wordpress <not-affected> (Only affects 4.7.x)
[wheezy] - wordpress <not-affected> (Only affects 4.7.x)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
CVE-2017-XXXX [Cross-site scripting (XSS) via video URL in YouTube embeds]
- - wordpress <unfixed> (bug #857026)
+ - wordpress 4.7.3+dfsg-1 (bug #857026)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
CVE-2017-XXXX [Cross-site scripting (XSS) via taxonomy term names]
- - wordpress <unfixed> (bug #857026)
+ - wordpress 4.7.3+dfsg-1 (bug #857026)
[jessie] - wordpress <not-affected> (Only affects 4.7.x)
[wheezy] - wordpress <not-affected> (Only affects 4.7.x)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
CVE-2017-XXXX [Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources]
- - wordpress <unfixed> (bug #857026)
+ - wordpress 4.7.3+dfsg-1 (bug #857026)
[jessie] - wordpress <not-affected> (Only affects 4.2 and later)
[wheezy] - wordpress <not-affected> (Only affects 4.2 and later)
NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
More information about the Secure-testing-commits
mailing list