[Secure-testing-team] Debian bug #500295 / TEMP-0500295-A176F7
Henri Salo
henri at nerv.fi
Sat Dec 29 22:22:48 UTC 2012
Hello list,
I wonder if we should remove security-tag from issue #500295? It is
tracked as TEMP-0500295-A176F7, but I do not think that this is
security vulnerability. It should also be removed from CVE/list as it
won't get CVE identifier. I do not see any practical attack vectors for
this issue. Security tracker data at the moment:
CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php]
- wordpress <unfixed> (bug #500295; unimportant)
NOTE: bigger problems, if attacker has access to /etc/wordpress/*
In my opinion we should not leave non-issues to tracker.
- Henri Salo
More information about the Secure-testing-team
mailing list