Hello list,
I wonder if we should remove security-tag from issue #500295? It is
tracked as TEMP-0500295-A176F7, but I do not think that this is
security vulnerability. It should also be removed from CVE/list as it
won't get CVE identifier. I do not see any practical attack vectors for
this issue. Security tracker data at the moment:
CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php]
- wordpress <unfixed> (bug #500295; unimportant)
NOTE: bigger problems, if attacker has access to /etc/wordpress/*
In my opinion we should not leave non-issues to tracker.
- Henri Salo
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
