[Secure-testing-team] [Secure-testing-commits] r12595 - in data: CVE DSA
Michael S Gilbert
michael.s.gilbert at gmail.com
Fri Aug 14 21:18:28 UTC 2009
On Fri, Aug 14, 2009 at 5:16 PM, Michael S
Gilbert<michael.s.gilbert at gmail.com> wrote:
>>> Because in DSA-1285-1 the security team uploaded a new upstream security
>>> release, 2.0.10-1, and that issue was fixed in 2.1.3 and 2.0.10 (legacy version).
>>
>> ok, i can't find that claimed in the 2.0.10 etch package nor in any of
>> the upstream announcements, and there are no code references from mitre
>> to check against. perhaps i have missed something or you have verified
>> against the proof-of-concept?
>
> perhaps this is the commit you've checked against [0]? that seems to
> be for 2007-1622.
>
> [0] http://core.trac.wordpress.org/ticket/4092
maybe the two are the same since the descriptions sound very similar,
but if that's the case, wouldn't one get REJECTED?
mike
More information about the Secure-testing-team
mailing list