Author: geissert Date: 2010-12-10 23:02:28 +0000 (Fri, 10 Dec 2010) New Revision: 15682 Modified: data/CVE/list Log: new wordpress and linux issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-10 21:14:53 UTC (rev 15681) +++ data/CVE/list 2010-12-10 23:02:28 UTC (rev 15682) @@ -1,3 +1,6 @@ +CVE-2010-XXXX [wordpress: insufficient permissions verification on XMLRPC interface] + - wordpress <unfixed> (bug #606657) + NOTE: http://core.trac.wordpress.org/changeset/16803 CVE-2010-4543 RESERVED CVE-2010-4542 @@ -530,8 +533,10 @@ RESERVED CVE-2010-4347 RESERVED -CVE-2010-4346 +CVE-2010-4346 [linux: install_special_mapping skips security_file_mmap check] RESERVED + - linux-2.6 <unfixed> + TODO: check CVE-2010-4345 RESERVED - exim4 <unfixed> @@ -747,7 +752,6 @@ RESERVED - linux-2.6 <unfixed> CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in ...) - NOTE: http://codex.wordpress.org/Version_3.0.2 NOTE: http://core.trac.wordpress.org/changeset/16625 - wordpress 3.0.2-1 (bug #605603) CVE-2010-4256 [linux: pipe_fcntl local DoS] @@ -1014,7 +1018,6 @@ NOT-FOR-US: DeluxeBB CVE-2010-4150 (Double free vulnerability in the imap_do_open function in the IMAP ...) - php5 <unfixed> - TODO: check CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 ...) - turbogears2 2.0.3-1 CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2) before ...)
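Review bot: In the second hunk (@@ -530,8 +533,10 @@), the CVE-2010-4346 entry gains a description and `- linux-2.6 <unfixed>` but no NOTE giving the source of that description, unlike the wordpress entry added in the first hunk, which links its upstream changeset. With `TODO: check` added alongside, whoever picks up the check has nothing to start from. Consider adding a NOTE with the upstream commit or report the description was taken from.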
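Review bot: In the third hunk (@@ -747,7 +752,6 @@), the removal of `NOTE: http://codex.wordpress.org/Version_3.0.2` from CVE-2010-4257 is not covered by the log message, which only says "new wordpress and linux issues". Either mention the cleanup in the log or commit it separately. The remaining NOTE also still sits above the `- wordpress 3.0.2-1 (bug #605603)` package line, whereas the entry added in the first hunk puts the package line first. Reordering here would keep the two wordpress entries consistent.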
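Review bot: In the last hunk (@@ -1014,7 +1018,6 @@), `TODO: check` is dropped from CVE-2010-4150 without recording what the check found, leaving the entry with only `- php5 <unfixed>`. If the check confirmed that php5 is affected, a NOTE or bug reference saying so would keep that result in the tracker rather than only in the revision history.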