Author: derevko-guest
Date: 2009-08-14 14:51:41 +0000 (Fri, 14 Aug 2009)
New Revision: 12590
Modified:
data/CVE/list
Log:
wordpress in etch wasn't affected by CVE-2008-0664, and patch in
DSA-1601-1 introduced a regression (#491846). Added a TODO entry to remove the
broken patch
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-08-14 09:19:39 UTC (rev 12589)
+++ data/CVE/list 2009-08-14 14:51:41 UTC (rev 12590)
@@ -22356,9 +22356,11 @@
CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before
2.3.3, ...)
{DSA-1601-1}
- wordpress 2.3.3-1 (medium; bug #464170)
+ [etch] - wordpress <not-affected> (vulnerable code not present)
NOTE: The blog has to provide user accounts
NOTE: A crafted XML-RPC request referring to a valid user can exploit this
TODO: check if packages embedding xmlrpc share this code
+ TODO: DSA-1601-1 introduced a regression in the etch version (#491846). That
patch should be removed in the next DSA.
CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in
tkImgGIF.c in ...)
{DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
- tk8.5 8.5.0-3
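Review bot: The added `[etch] - wordpress <not-affected> (vulnerable code not present)` line sits under an entry that still carries `{DSA-1601-1}`, so the entry now states both that etch was never vulnerable and that a DSA covers this CVE, with nothing in the entry tying the two together. The new TODO records the regression (#491846) but not why the DSA reference stays; a NOTE line saying that DSA-1601-1 patched etch for this CVE even though the vulnerable code is not present there would make the entry self-explanatory without the commit log. The "vulnerable code not present" reason would also be easier to verify later if it named the etch version that was checked.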