Author: seb Date: 2017-06-01 04:24:45 +0000 (Thu, 01 Jun 2017) New Revision: 52170
Modified: data/CVE/list Log: Remove "jessie -> not-affected" tag for CVE-2017-9066 (wordpress) The code has changed so much since 4.1 that we cannot assert the problem is not present. On the functional side, the lack of a reproducer or test case for the flaw also makes it impossible to conclude for sure. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-31 21:10:12 UTC (rev 52169) +++ data/CVE/list 2017-06-01 04:24:45 UTC (rev 52170) @@ -952,7 +952,6 @@ NOT-FOR-US: HooHoo Trip Mate CVE-2017-9066 (In WordPress before 4.7.5, there is insufficient redirect validation in ...) - wordpress 4.7.5+dfsg-1 (bug #862816) - [jessie] - wordpress <not-affected> (Vulnerable code not present, Request library introduced in 4.6) NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/ NOTE: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11 CVE-2017-9065 (In WordPress before 4.7.5, there is a lack of capability checks for ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits