thomasbl-guest at alioth.debian.org
2008-Jun-11 17:03 UTC
[Secure-testing-commits] r9035 - data/CVE
Author: thomasbl-guest Date: 2008-06-11 17:03:55 +0000 (Wed, 11 Jun 2008) New Revision: 9035 Modified: data/CVE/list Log: new try for ''opened bug #485807 for wordpress'' Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-06-11 16:58:57 UTC (rev 9034) +++ data/CVE/list 2008-06-11 17:03:55 UTC (rev 9035) @@ -347,10 +347,8 @@ CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 ...) NOT-FOR-US: EntertainmentScript CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...) - - wordpress <unfixed> - NOTE: could not reproduce this. Anyway, wordpress security policy - NOTE: checks files only by extension so this should only affect misconfigured - NOTE: webservers. Poked wordpress upstream to get a confirmation of this vulnerability + - wordpress <unfixed> (low; bug #485807) + NOTE: seems to be fixed within wordpress-bug #7113 ?! CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...) NOT-FOR-US: SubSonic CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...)
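Review bot: The added NOTE for CVE-2008-2392 ("seems to be fixed within wordpress-bug #7113 ?!") sits under a status line that still reads "<unfixed>", so the entry now says two things at once. Either keep "<unfixed>" and word the note as an open item to confirm against wordpress-bug #7113, or update the status once the fix is confirmed. The same hunk also drops the three NOTE lines saying the issue could not be reproduced and should only affect misconfigured webservers. Those lines are the only visible rationale for the new "low" rating, so consider keeping a one-line version of that reasoning next to "(low; bug #485807)".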