[Secure-testing-commits] r56075 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Sep 23 21:12:42 UTC 2017 

Author: carnil
Date: 2017-09-23 21:12:41 +0000 (Sat, 23 Sep 2017)
New Revision: 56075

Modified:
   data/CVE/list
Log:
CVEs assigned for wordpress issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-23 21:10:14 UTC (rev 56074)
+++ data/CVE/list	2017-09-23 21:12:41 UTC (rev 56075)
@@ -1,21 +1,21 @@
 CVE-2017-14726 (Before version 4.8.2, WordPress was vulnerable to a cross-site ...)
-	TODO: check
+	- wordpress 4.8.2+dfsg-1 (bug #876274)
 CVE-2017-14725 (Before version 4.8.2, WordPress was susceptible to an open redirect ...)
-	TODO: check
+	- wordpress 4.8.2+dfsg-1 (bug #876274)
 CVE-2017-14724 (Before version 4.8.2, WordPress was vulnerable to cross-site scripting ...)
-	TODO: check
+	- wordpress 4.8.2+dfsg-1 (bug #876274)
 CVE-2017-14723 (Before version 4.8.2, WordPress mishandled % characters and additional ...)
-	TODO: check
+	- wordpress 4.8.2+dfsg-1 (bug #876274)
 CVE-2017-14722 (Before version 4.8.2, WordPress allowed a Directory Traversal attack in ...)
-	TODO: check
+	- wordpress 4.8.2+dfsg-1 (bug #876274)
 CVE-2017-14721 (Before version 4.8.2, WordPress allowed Cross-Site scripting in the ...)
-	TODO: check
+	- wordpress 4.8.2+dfsg-1 (bug #876274)
 CVE-2017-14720 (Before version 4.8.2, WordPress allowed a Cross-Site scripting attack ...)
-	TODO: check
+	- wordpress 4.8.2+dfsg-1 (bug #876274)
 CVE-2017-14719 (Before version 4.8.2, WordPress was vulnerable to a directory traversal ...)
-	TODO: check
+	- wordpress 4.8.2+dfsg-1 (bug #876274)
 CVE-2017-14718 (Before version 4.8.2, WordPress was susceptible to a Cross-Site ...)
-	TODO: check
+	- wordpress 4.8.2+dfsg-1 (bug #876274)
 CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash ...)
 	- weechat <unfixed> (bug #876553)
 	NOTE: Fixed by: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
@@ -51,24 +51,6 @@
 	RESERVED
 CVE-2017-14702
 	RESERVED
-CVE-2017-XXXX [Cross-site scripting (XSS) vulnerability in the link modal]
-	- wordpress 4.8.2+dfsg-1 (bug #876274)
-CVE-2017-XXXX [Cross-site scripting (XSS) vulnerability in template names]
-	- wordpress 4.8.2+dfsg-1 (bug #876274)
-CVE-2017-XXXX [Path traversal vulnerability in the customizer]
-	- wordpress 4.8.2+dfsg-1 (bug #876274)
-CVE-2017-XXXX [Open redirect in the user and term edit screens]
-	- wordpress 4.8.2+dfsg-1 (bug #876274)
-CVE-2017-XXXX [Cross-site scripting (XSS) vulnerability in the plugin editor]
-	- wordpress 4.8.2+dfsg-1 (bug #876274)
-CVE-2017-XXXX [Path traversal vulnerability in the file unzipping code]
-	- wordpress 4.8.2+dfsg-1 (bug #876274)
-CVE-2017-XXXX [Cross-site scripting (XSS) vulnerability in the visual editor]
-	- wordpress 4.8.2+dfsg-1 (bug #876274)
-CVE-2017-XXXX [Cross-site scripting (XSS) vulnerability in the oEmbed discovery]
-	- wordpress 4.8.2+dfsg-1 (bug #876274)
-CVE-2017-XXXX [$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi)]
-	- wordpress 4.8.2+dfsg-1 (bug #876274)
 CVE-2017-14701
 	RESERVED
 CVE-2017-14700

More information about the Secure-testing-commits mailing list