thijs at alioth.debian.org
2008-Jan-14 19:36 UTC
[Secure-testing-commits] r7919 - data/CVE
Author: thijs Date: 2008-01-14 19:36:42 +0000 (Mon, 14 Jan 2008) New Revision: 7919 Modified: data/CVE/list Log: Do some more wordpress cleanup. Merge some temp issues into their assigned CVE id''s, add a note, mark some as not relevant to etch. Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-14 19:02:01 UTC (rev 7918) +++ data/CVE/list 2008-01-14 19:36:42 UTC (rev 7919) @@ -343,8 +343,6 @@ NOT-FOR-US: MySpace Content Zone CVE-2008-XXXX [splitvt fails to drop group utmp priviledges] - splitvt 1.6.6-4 -CVE-2008-XXXX [wordpress information leak] - - wordpress 2.3.2-1 (bug #459305) CVE-2008-0092 (Cross-site scripting (XSS) vulnerability in index.php in the search ...) NOT-FOR-US: Appalachian State University phpWebSite CVE-2008-0091 (Directory traversal vulnerability in download2.php in AGENCY4NET ...) @@ -1306,7 +1304,8 @@ CVE-2007-6319 RESERVED CVE-2007-6318 (SQL injection vulnerability in wp-includes/query.php in WordPress ...) - - wordpress <unfixed> (low; bug #456277) + - wordpress 2.3.2-1 (low; bug #459305) + [etch] - wordpress <not-affected> (Vulnerable code not present) NOTE: Patch: https://bugs.edge.launchpad.net/ubuntu/+source/wordpress/+bug/181416 CVE-2007-6317 (Multiple directory traversal vulnerabilities in BarracudaDrive Web ...) NOT-FOR-US: BarracudaDrive @@ -2951,7 +2950,8 @@ CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows ...) NOT-FOR-US: Conflict CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in ...) - - wordpress 2.3.1-1 (low) + - wordpress 2.3.1-1 (unimportant) + NOTE: requires register_globals On, which we don''t support CVE-2007-5709 (Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 ...) NOT-FOR-US: Sony SonicStage CONNECT Player CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...) 
@@ -5665,6 +5665,7 @@ [etch] - wordpress <not-affected> (Vulnerable code not yet introduced) CVE-2007-4893 (wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress ...) - wordpress 2.2.3-1 (low) + [etch] - wordpress <not-affected> (Vulnerable code not yet introduced) CVE-2007-4892 (Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, ...) NOT-FOR-US: Plesk (Windows) CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer] @@ -5968,8 +5969,6 @@ NOTE: glib only embeds pcre in the udeb, no attack vector CVE-2007-4765 RESERVED -CVE-2007-XXXX [wordpress: Users without unfiltered_html capability can post arbitrary html] - - wordpress 2.2.3-1 CVE-2007-4764 (Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 ...) NOT-FOR-US: Pawfaliki CVE-2007-4763 (PHP remote file inclusion vulnerability in ...) @@ -10645,6 +10644,7 @@ NOT-FOR-US: TutorialCMS CVE-2007-2821 (SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress ...) - wordpress 2.2-1 (high) + NOTE: seems present in etch even though admin-ajax.php was not shipped yet CVE-2007-2820 (Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX ...) NOT-FOR-US: KSign CVE-2007-2819 (Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ ...) @@ -11096,6 +11096,7 @@ NOT-FOR-US: PHPSecurityAdmin CVE-2007-2627 (Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...) - wordpress 2.2.2-1 (low) + [etch] - wordpress <not-affected> (Vulnerable code not present) CVE-2007-2626 (** DISPUTED ** ...) NOT-FOR-US: SchoolBoard CVE-2007-2625 (Cross-site scripting (XSS) vulnerability in ...)
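Review bot: In the CVE-2007-6318 hunk (@@ -1306,7 +1304,8 @@), the replacement line swaps bug #456277 for bug #459305, so the entry no longer points at the originally referenced report. If #456277 is still a distinct report for this issue, keep it in a NOTE line. The removed temp entry was titled "wordpress information leak", while this CVE is described as SQL injection in wp-includes/query.php, so a short NOTE stating that the temp issue was merged here would make the connection traceable.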
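Review bot: The NOTE added under CVE-2007-2821 (@@ -10645,6 +10644,7 @@) says the issue "seems present in etch" but does not say where, given that admin-ajax.php was not shipped there, and the hunk adds no [etch] line. On an entry rated high, the note should name the file in the etch version that carries the vulnerable code, or be worded as still needing verification, so whoever handles etch knows what to check.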
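Review bot: The removal of the CVE-2007-XXXX entry "Users without unfiltered_html capability can post arbitrary html" (@@ -5968,8 +5969,6 @@) leaves no record of which assigned CVE id it was merged into; neither this hunk nor the log message names it. Naming the target CVE in the commit log, or adding a NOTE under that CVE, would let a reader confirm that the 2.2.3-1 fixed version was carried over.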