Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=bba007ca4929c14d324ff5d65f62421fc9e333cf
commit bba007ca4929c14d324ff5d65f62421fc9e333cf Author: Miklos Vajna <vmik...@frugalware.org> Date: Sun Dec 12 15:53:14 2010 +0100 FSA702-wordpress diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 2b2f88a..fe8cf58 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,19 @@ <fsas> <fsa> + <id>702</id> + <date>2010-12-12</date> + <author>Miklos Vajna</author> + <package>wordpress</package> + <vulnerable>3.0.1-1</vulnerable> + <unaffected>3.0.2-1haven1</unaffected> + <bts>http://bugs.frugalware.org/task/4382</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4257</cve> + <desc>A vulnerability has been reported in WordPress, which can be exploited by malicious users to conduct SQL injection attacks. + Input passed via the "Send Trackbacks" field when creating a new post is not properly sanitised in wp-includes/comment.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. + Successful exploitation of this vulnerability requires "Author-level" permissions.</desc> + </fsa> + <fsa> <id>701</id> <date>2010-12-12</date> <author>Miklos Vajna</author> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git