Candidate: CVE-2013-2203
PublicDate: 2013-07-08 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2203
 http://codex.wordpress.org/Version_3.5.2
Description:
 WordPress before 3.5.2, when the uploads directory forbids write access,
 allows remote attackers to obtain sensitive information via an invalid
 upload request, which reveals the absolute path in an XMLHttpRequest error
 message.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_wordpress:
upstream_wordpress: released (3.5.2+dfsg-1)
lucid_wordpress: ignored (reached end-of-life)
precise_wordpress: ignored (reached end-of-life)
precise/esm_wordpress: DNE (precise was needs-triage)
quantal_wordpress: ignored (reached end-of-life)
raring_wordpress: ignored (reached end-of-life)
saucy_wordpress: not-affected (3.5.2+dfsg-1)
trusty_wordpress: not-affected (3.5.2+dfsg-1)
trusty/esm_wordpress: DNE (trusty was not-affected [3.5.2+dfsg-1])
utopic_wordpress: not-affected (3.5.2+dfsg-1)
vivid_wordpress: not-affected (3.5.2+dfsg-1)
vivid/stable-phone-overlay_wordpress: DNE
vivid/ubuntu-core_wordpress: DNE
wily_wordpress: not-affected (3.5.2+dfsg-1)
xenial_wordpress: not-affected (3.5.2+dfsg-1)
yakkety_wordpress: not-affected (3.5.2+dfsg-1)
zesty_wordpress: not-affected (3.5.2+dfsg-1)
devel_wordpress: not-affected (3.5.2+dfsg-1)