Author: seb
Date: 2017-06-01 04:24:45 +0000 (Thu, 01 Jun 2017)
New Revision: 52170
Modified:
data/CVE/list
Log:
Remove "jessie -> not-affected" tag for CVE-2017-9066 (wordpress)
The code has changed so much since 4.1 that we cannot assert the problem
is not present. On the functional side, the lack of a reproducer or test
case for the flaw also makes it impossible to conclude for sure.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-31 21:10:12 UTC (rev 52169)
+++ data/CVE/list 2017-06-01 04:24:45 UTC (rev 52170)
@@ -952,7 +952,6 @@
NOT-FOR-US: HooHoo Trip Mate
CVE-2017-9066 (In WordPress before 4.7.5, there is insufficient redirect
validation in ...)
- wordpress 4.7.5+dfsg-1 (bug #862816)
- [jessie] - wordpress <not-affected> (Vulnerable code not present,
Request library introduced in 4.6)
NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
NOTE:
https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
CVE-2017-9065 (In WordPress before 4.7.5, there is a lack of capability checks
for ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
