Author: jmm-guest Date: 2005-08-14 19:30:04 +0000 (Sun, 14 Aug 2005) New Revision: 1581 Modified: data/CAN/list Log: wordpress bugnum update on gforge issues BTW, from next wednesday I''ll be on vacation for a week. I won''t have email access, so don''t wonder if you don''t get a reply on mails. Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-14 11:55:27 UTC (rev 1580) +++ data/CAN/list 2005-08-14 19:30:04 UTC (rev 1581) @@ -1,5 +1,5 @@ CAN-2005-XXXX [Arbitrary command execution in wordpress through through cookie handling] - - wordpress (unfixed; bug filed; medium) + - wordpress (unfixed; bug #323040; medium) CAN-2005-XXXX [phpldapadmin doesn''t fully prevent anonymous access when configured so] - phpldapadmin 0.9.6c-5 (medium) CAN-2005-XXXX [Multiple format string vulnerabilities in Evolution] @@ -390,9 +390,11 @@ CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...) NOTE: not-for-us (PhpList) CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...) - NOTE: Pinged maintainer, whether these are present in Debian''s much older version + NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian + - gforge (unfixed; medium) CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...) - NOTE: Pinged maintainer, whether these are present in Debian''s much older version + NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian + - gforge (unfixed; medium) CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...) NOTE: not-for-us (Firefox on Windows) CAN-2005-2428 (Lotus Domino R5 and R6 WebMail stores data in hidden form fields in ...)