Summary: | www-apps/wordpress < 2.3.2 Multiple vulnerabilities (CVE-2008-{0191,0193,0195}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | trivial | CC: | web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html | ||
Whiteboard: | ~4 [upstream] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-01-15 15:04:53 UTC
I bugged upstream about the status of these vulnerabilities. Upstream replied: > CVE-2008-0191 Cannot reproduce on 2.3.2 - db errors are hidden in 2.3.2. Relavent trac tickets: http://trac.wordpress.org/ticket/5471 http://trac.wordpress.org/ticket/5473 > CVE-2008-0193 Can't directly affect 2.3.2 - wp-db-backup is not included in the WordPress 2.3.2 release. > CVE-2008-0195 Can't reproduce on 2.3.2 _________ I did not test on a fresh 2.3.2 install -- confirmed their findings, so this is INVALID. |