[Secure-testing-team] r13076 - data/CVE

Raphael Geissert geissert at debian.org
Fri Oct 23 20:02:46 UTC 2009


Giuseppe Iuculano wrote:
>  CVE-2009-3622 [wordpress: Trackback DoS]
>  RESERVED
>  - wordpress 2.8.5-1
> +     [lenny] - wordpress <no-dsa> (Minor issue)
> +     [etch] - wordpress <no-dsa> (Minor issue)
>  NOTE: http://seclists.org/fulldisclosure/2009/Oct/263

Erm, I'm a bit hesitant about making it a no-dsa.
It is fairly easy to trigger it, specially since the php5 cgi and apache2
module both have the mbstring extention built-in.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net





More information about the Secure-testing-team mailing list