Secure testing commits - Jun 2009 - r12032 - data/CVE

Author: thomasbl-guest
Date: 2009-06-03 00:01:06 +0000 (Wed, 03 Jun 2009)
New Revision: 12032

Modified:
   data/CVE/list
Log:
CVE-2008-676{2,7} -> wordpress, not-affected



Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-06-02 22:06:16 UTC (rev 12031)
+++ data/CVE/list	2009-06-03 00:01:06 UTC (rev 12032)
@@ -1099,7 +1099,7 @@
 CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB
0.3.12 ...)
 	NOT-FOR-US: SMA-DB 
 CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote
...)
-	TODO: check
+	- wordpress <not-affected> (Vulnerable code not present, only affects
2.6.x)
 CVE-2008-6766 (cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows
remote ...)
 	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
 CVE-2008-6765 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to
access ...)
@@ -1109,7 +1109,7 @@
 CVE-2008-6763 (login2.php in Silentum LoginSys 1.0.0 allows remote attackers to
...)
 	NOT-FOR-US: Silentum LoginSys
 CVE-2008-6762 (Open redirect vulnerability in wp-admin/upgrade.php in
WordPress, ...)
-	TODO: check
+	- wordpress <not-affected> (Vulnerable code not present, only affects
2.6.x)
 CVE-2008-6761 (Static code injection vulnerability in admin/install.php in ...)
 	NOT-FOR-US: Flexcustomer
 CVE-2008-6760 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to
obtain ...)

Hi Thomas,

Thomas Bl?sing ha scritto:
> Log:
> CVE-2008-676{2,7} -> wordpress, not-affected
Have you checked these? Vulnerable code is present in 2.7.x, and I also
reproduced both issues with wordpress 2.7.1-2

Cheers,
Giuseppe.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20090603/fc2b0bbd/attachment.pgp>