Author: carnil
Date: 2014-11-25 21:17:05 +0000 (Tue, 25 Nov 2014)
New Revision: 30337
Modified: data/CVE/list Log: CVEs for wordpress assigned Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-11-25 21:13:42 UTC (rev 30336) +++ data/CVE/list 2014-11-25 21:17:05 UTC (rev 30337) 
@@ -28,10 +28,33 @@ - clamav 0.98.5+dfsg-1 (bug #770985) NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11155 NOTE: Upstream commit: https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e -CVE-2014-XXXX [wordpress various vulnerabilities] +CVE-2014-9039 [Previously an email address change would not invalidate a previous password reset email] + - wordpress 4.0.1+dfsg-1 (bug #770425) + NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ +CVE-2014-9038 [SSRF: Safe HTTP requests did not sufficiently block the loopback IP address space] + - wordpress 4.0.1+dfsg-1 (bug #770425) + NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ +CVE-2014-9037 [Hash comparison vulnerability in old-style MD5-stored passwords] + - wordpress 4.0.1+dfsg-1 (bug #770425) + NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ +CVE-2014-9036 [XSS in HTML filtering of CSS in posts] + - wordpress 4.0.1+dfsg-1 (bug #770425) + NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ +CVE-2014-9035 [XSS in Press This] + - wordpress 4.0.1+dfsg-1 (bug #770425) + NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ +CVE-2014-9034 [Denial of service for giant passwords] + - wordpress 4.0.1+dfsg-1 (bug #770425) + NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ +CVE-2014-9033 [CSRF in the password reset process] + - wordpress 4.0.1+dfsg-1 (bug #770425) + NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ +CVE-2014-9032 [XSS in media playlists] + - wordpress 4.0.1+dfsg-1 (bug #770425) + NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ +CVE-2014-9031 [XSS in wptexturize() via comments or posts] - wordpress 4.0.1+dfsg-1 (bug #770425) NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ - NOTE: split this entry up when CVEs assigned CVE-2014-9028 [Heap buffer write overflow] - flac <unfixed> (bug #770918) NOTE: Upstream patch https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 
@@ -92,7 +115,6 @@ - drupal7 7.32-1+deb8u1 (bug #770469) - drupal6 <not-affected> (Only affects Drupal 7.x) NOTE: https://www.drupal.org/SA-CORE-2014-006 - - wordpress 4.0.1+dfsg-1 (bug #770425) CVE-2014-9018 [on-connect scripts: icecast can leak output to attentive sources] - icecast2 <unfixed> (bug #770222) NOTE: https://trac.xiph.org/ticket/2089 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
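Review bot: In the first hunk (@@ -28,10 +28,33 @@), none of the nine new wordpress entries CVE-2014-9031 through CVE-2014-9039 carries a per-issue upstream reference; each has only the same release announcement NOTE and the same bug #770425. The neighbouring clamav and flac entries in the context lines have "NOTE: Upstream commit:" and "NOTE: Upstream patch" lines, and the same would help here, since anyone backporting a single fix to a stable release cannot tell from the tracker which upstream change belongs to which CVE. The bracketed descriptions are also uneven: CVE-2014-9039 and CVE-2014-9038 copy full release-note sentences ("Previously an email address change would not invalidate ...") while the rest use short labels such as "XSS in Press This"; shortening the two long ones would keep the list consistent.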
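Review bot: In the second hunk (@@ -92,7 +115,6 @@), the removal of "- wordpress 4.0.1+dfsg-1 (bug #770425)" from the entry that holds the drupal7 and drupal6 lines is not covered by the log message "CVEs for wordpress assigned", and the CVE id of that entry lies outside the hunk context, so the reason for dropping wordpress from it cannot be checked from the diff alone. If the wordpress side of that issue is now tracked under one of the ids added in the first hunk, say so in the log and add a NOTE on both entries pointing at each other, so the relationship between the drupal and wordpress fixes is not lost from the tracker.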