Author: nion
Date: 2008-02-08 08:32:49 +0000 (Fri, 08 Feb 2008)
New Revision: 8105
Modified:
data/CVE/list
Log:
assigned cve ids for wml and wordpress
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-02-08 08:12:45 UTC (rev 8104)
+++ data/CVE/list 2008-02-08 08:32:49 UTC (rev 8105)
@@ -283,11 +283,10 @@
TODO: check
CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake
CMS ...)
TODO: check
-CVE-2008-XXXX [unauthorized content modification via xml-rpc in wordpress]
+CVE-2008-0664 [unauthorized content modification via xml-rpc in wordpress]
- wordpress 2.3.3-1 (medium; bug #464170)
NOTE: The blog has to provide user accounts
NOTE: A crafted XML-RPC request referring to a valid user can exploit
this
- NOTE: CVE id pending
TODO: check if packages embedding xmlrpc share this code
CVE-2008-0553 [buffer overflow in tk GIF handling]
RESERVED
@@ -306,10 +305,12 @@
NOTE: control over the mailinglist, so not a very important issue.
NOTE: This enhances the fix for CVE-2006-3636.
NOTE:
http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html
-CVE-2008-XXXX [insecure tmp file usage in webwml]
+CVE-2008-0665 [insecure tmp file usage in ipp backend in webwml]
- wml 2.0.11-3.1 (low; bug #463907)
[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
- NOTE: CVE id pending
+CVE-2008-0666 [insecure tmp file usage wmg.cgo and eperl backend in webwml]
+ - wml 2.0.11-3.1 (low; bug #463907)
+ [sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
CVE-2008-XXXX [deluge-torrent unspecified remote issue]
- deluge-torrent 0.5.8.3-1 (unknown; bug #463357)
CVE-2008-0501 (Directory traversal vulnerability in phpMyClub 0.0.1 allows
remote ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
