[Secure-testing-commits] r49612 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Mar 12 16:25:27 UTC 2017


Author: carnil
Date: 2017-03-12 16:25:27 +0000 (Sun, 12 Mar 2017)
New Revision: 49612

Modified:
   data/CVE/list
Log:
Update CVE-2017-6818/wordpress

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-12 16:23:10 UTC (rev 49611)
+++ data/CVE/list	2017-03-12 16:25:27 UTC (rev 49612)
@@ -16,8 +16,6 @@
 	RESERVED
 CVE-2017-6819 (In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ...)
 	TODO: check
-CVE-2017-6818 (In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is ...)
-	TODO: check
 CVE-2017-6820 [XSS issue in handling of a style tag inside of an svg element]
 	- roundcube <unfixed> (bug #857473)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305
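Review bot: CVE-2017-6819, directly above the removed lines, still carries "TODO: check", and its CSRF description looks like the same issue as the "CVE-2017-XXXX [Cross-site request forgery (CSRF) in Press This ...]" placeholder in the wordpress block further down. If the two match, apply the same merge there: drop this stub and rename the placeholder, so the fixed version and bug #857026 are attached to the assigned ID.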
@@ -668,11 +666,12 @@
 	- wordpress 4.7.3+dfsg-1 (bug #857026)
 	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 	NOTE: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
-CVE-2017-XXXX [Cross-site scripting (XSS) via taxonomy term names]
+CVE-2017-6818 [Cross-site scripting (XSS) via taxonomy term names]
 	- wordpress 4.7.3+dfsg-1 (bug #857026)
 	[jessie] - wordpress <not-affected> (Only affects 4.7.x)
 	[wheezy] - wordpress <not-affected> (Only affects 4.7.x)
 	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+	NOTE: https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9
 CVE-2017-XXXX [Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources]
 	- wordpress 4.7.3+dfsg-1 (bug #857026)
 	[jessie] - wordpress <not-affected> (Only affects 4.2 and later)
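Review bot: the not-affected lines for jessie and wheezy on the renamed CVE-2017-6818 entry rest only on the parenthetical "Only affects 4.7.x"; the entry has no NOTE stating where the vulnerable code was introduced. Consider adding a short NOTE that names the introducing version or change (the removed stub pointed at wp-admin/js/tags-box.js), so the triage for the older suites can be rechecked later.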



