Author: nion Date: 2008-02-08 08:32:49 +0000 (Fri, 08 Feb 2008) New Revision: 8105 Modified: data/CVE/list Log: assigned cve ids for wml and wordpress Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-08 08:12:45 UTC (rev 8104) +++ data/CVE/list 2008-02-08 08:32:49 UTC (rev 8105) @@ -283,11 +283,10 @@ TODO: check CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS ...) TODO: check -CVE-2008-XXXX [unauthorized content modification via xml-rpc in wordpress] +CVE-2008-0664 [unauthorized content modification via xml-rpc in wordpress] - wordpress 2.3.3-1 (medium; bug #464170) NOTE: The blog has to provide user accounts NOTE: A crafted XML-RPC request referring to a valid user can exploit this - NOTE: CVE id pending TODO: check if packages embedding xmlrpc share this code CVE-2008-0553 [buffer overflow in tk GIF handling] RESERVED @@ -306,10 +305,12 @@ NOTE: control over the mailinglist, so not a very important issue. NOTE: This enhances the fix for CVE-2006-3636. NOTE: http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html -CVE-2008-XXXX [insecure tmp file usage in webwml] +CVE-2008-0665 [insecure tmp file usage in ipp backend in webwml] - wml 2.0.11-3.1 (low; bug #463907) [sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp) - NOTE: CVE id pending +CVE-2008-0666 [insecure tmp file usage wmg.cgo and eperl backend in webwml] + - wml 2.0.11-3.1 (low; bug #463907) + [sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp) CVE-2008-XXXX [deluge-torrent unspecified remote issue] - deluge-torrent 0.5.8.3-1 (unknown; bug #463357) CVE-2008-0501 (Directory traversal vulnerability in phpMyClub 0.0.1 allows remote ...)
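Review bot: in the first hunk (@@ -283,11 +283,10 @@), the wordpress entry now carries CVE-2008-0664 but still ends with "TODO: check if packages embedding xmlrpc share this code", with nothing recording what has been checked. Now that the id is assigned, either resolve the check or add a NOTE listing which embedding packages were looked at, so the TODO does not linger on an otherwise complete entry. Removing "NOTE: CVE id pending" in the same change as the id assignment is consistent.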