Author: white Date: 2009-08-23 03:33:18 +0000 (Sun, 23 Aug 2009) New Revision: 12661 Modified: data/CVE/list Log: Some wordpress etch triaging Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-22 13:20:01 UTC (rev 12660) +++ data/CVE/list 2009-08-23 03:33:18 UTC (rev 12661) @@ -10024,6 +10024,7 @@ NOT-FOR-US: Novell NetWare CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...) - wordpress 2.3.2 (low; bug #510786; bug #513959) + [etch] - wordpress <no-dsa> (Minor issue) NOTE: only the admin has manage_options capabilities by default and only editors NOTE: have upload_files capabilities NOTE: Only versions prior to 2.3.2 are affected according to the Debian maintainer @@ -14997,8 +14998,7 @@ - vlc 0.8.6.h-4 (medium; bug #496265) CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link functions in ...) - wordpress 2.5.1-6 (low; bug #497216) - NOTE: not so sure about etch. It contains this code but doesn''t have the force-ssl - NOTE: mechanism in the first place. + [etch] - wordpress <not-affected> (Does not have force-sll mechanism) CVE-2008-3746 (neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of ...) - neon27 0.28.2-4 - neon26 <not-affected> (Issue was introduced in 0.28) @@ -25528,6 +25528,7 @@ NOT-FOR-US: Beehive Forum CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash ...) - wordpress 2.5.0-1 (low; bug #452251) + [etch] - wordpress <no-dsa> (Minor issue) NOTE: if untrusted people are allowed to read the database they could still NOTE: crack the hash with more work, so maybe this is unimportant? CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 allows ...)