Candidate: CVE-2014-5265
PublicDate: 2014-08-18 11:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5265
 https://core.trac.wordpress.org/changeset/29405/branches/3.9
 https://www.drupal.org/SA-CORE-2014-004
 https://wordpress.org/news/2014/08/wordpress-3-9-2/
 https://core.trac.wordpress.org/changeset/29404
 http://cgit.drupalcode.org/drupal/diff/includes/xmlrpc.inc?id=1849830
Description:
 The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and
 Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations
 without considering recursion during entity expansion, which allows remote
 attackers to cause a denial of service (memory and CPU consumption) via a
 crafted XML document containing a large number of nested entity references,
 a similar issue to CVE-2003-1564.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757312
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_drupal7:
upstream_drupal7: released (7.31-1)
lucid_drupal7: DNE
precise_drupal7: ignored (reached end-of-life)
precise/esm_drupal7: DNE (precise was needed)
trusty_drupal7: ignored (reached end-of-life)
trusty/esm_drupal7: DNE (trusty was needed)
utopic_drupal7: not-affected (7.32-1)
vivid_drupal7: not-affected (7.32-1)
vivid/stable-phone-overlay_drupal7: DNE
vivid/ubuntu-core_drupal7: DNE
wily_drupal7: not-affected (7.32-1)
xenial_drupal7: not-affected (7.32-1)
yakkety_drupal7: not-affected (7.32-1)
zesty_drupal7: not-affected (7.32-1)
artful_drupal7: not-affected (7.32-1)
bionic_drupal7: DNE
cosmic_drupal7: DNE
disco_drupal7: DNE
devel_drupal7: DNE

Patches_drupal6:
upstream_drupal6: needs-triage
lucid_drupal6: ignored (reached end-of-life)
precise_drupal6: ignored (reached end-of-life)
precise/esm_drupal6: DNE (precise was needed)
trusty_drupal6: DNE
trusty/esm_drupal6: DNE
utopic_drupal6: DNE
vivid_drupal6: DNE
vivid/stable-phone-overlay_drupal6: DNE
vivid/ubuntu-core_drupal6: DNE
wily_drupal6: DNE
xenial_drupal6: DNE
yakkety_drupal6: DNE
zesty_drupal6: DNE
artful_drupal6: DNE
bionic_drupal6: DNE
cosmic_drupal6: DNE
disco_drupal6: DNE
devel_drupal6: DNE

Patches_wordpress:
upstream_wordpress: released (3.9.2+dfsg-1)
lucid_wordpress: ignored (reached end-of-life)
precise_wordpress: ignored (reached end-of-life)
precise/esm_wordpress: DNE (precise was needed)
trusty_wordpress: released (3.8.2+dfsg-1ubuntu0.1)
trusty/esm_wordpress: DNE (trusty was released [3.8.2+dfsg-1ubuntu0.1])
utopic_wordpress: ignored (reached end-of-life)
vivid_wordpress: ignored (reached end-of-life)
vivid/stable-phone-overlay_wordpress: DNE
vivid/ubuntu-core_wordpress: DNE
wily_wordpress: ignored (reached end-of-life)
xenial_wordpress: not-affected (3.9.2+dfsg-1)
yakkety_wordpress: ignored (reached end-of-life)
zesty_wordpress: ignored (reached end-of-life)
artful_wordpress: ignored (reached end-of-life)
bionic_wordpress: not-affected (3.9.2+dfsg-1)
cosmic_wordpress: not-affected (3.9.2+dfsg-1)
disco_wordpress: not-affected (3.9.2+dfsg-1)
devel_wordpress: not-affected (3.9.2+dfsg-1)
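Worked illustration of the bug class described above, added here as an editorial example; it is not part of the tracker entry and is not IXR, WordPress or Drupal code. It builds the kind of crafted XML-RPC request the description refers to (a short internal DTD whose entities reference each other so that a few hundred bytes expand to fanout**depth copies of the innermost text), measures what an endpoint that hands such a request straight to an entity-expanding parser actually produces, and then vets the same request the way the linked fixes do in spirit: refuse any DOCTYPE or entity declaration before parsing, require an XML-RPC root element, and cap the element count. The function names, the sample requests, the method name wp.getUsersBlogs, and the 30000 element cap are this example's own choices, not taken from the library. It uses only Python's standard xml.parsers.expat.

```python
"""Added example for CVE-2014-5265 (not code from IXR, WordPress or Drupal).

Shows (1) how a small nested-entity document amplifies on expansion and
(2) a pre-parse check that closes the expansion path before it is taken.
"""
import xml.parsers.expat

# Constructed benign request (this example's own, not from the advisory).
BENIGN_REQUEST = (
    '<?xml version="1.0"?>'
    "<methodCall><methodName>wp.getUsersBlogs</methodName>"
    "<params><param><value><string>alice</string></value></param></params>"
    "</methodCall>"
)


def build_nested_entity_payload(depth: int, fanout: int) -> str:
    """Constructed attacker request: e1 references e0 `fanout` times, e2
    references e1 `fanout` times, and so on, so the innermost "lol" comes
    out fanout**depth times when expanded. The document itself only grows
    linearly with `depth`."""
    decls = ['<!ENTITY e0 "lol">']
    for i in range(1, depth + 1):
        ref = "&e%d;" % (i - 1)
        decls.append('<!ENTITY e%d "%s">' % (i, ref * fanout))
    dtd = "<!DOCTYPE methodCall [\n" + "\n".join(decls) + "\n]>"
    body = (
        "<methodCall><methodName>wp.getUsersBlogs</methodName>"
        "<params><param><value><string>&e%d;</string></value></param></params>"
        "</methodCall>" % depth
    )
    return '<?xml version="1.0"?>\n' + dtd + "\n" + body


def naive_expanded_text_size(doc: str) -> int:
    """Parse the way an endpoint that never looked for a DOCTYPE does: let
    expat expand every entity, and count the characters of <string> text the
    parser hands back. That count is the memory/CPU the request bought."""
    total = 0
    inside_string = False

    def start(name, _attrs):
        nonlocal inside_string
        if name == "string":
            inside_string = True

    def end(name):
        nonlocal inside_string
        if name == "string":
            inside_string = False

    def chars(data):
        nonlocal total
        if inside_string:
            total += len(data)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(doc, True)
    return total


def vet_xmlrpc_message(doc: str, element_limit: int = 30000) -> str:
    """Vet an XML-RPC request before it is trusted: any DOCTYPE or entity
    declaration is refused (so nothing can be expanded), the root must be an
    XML-RPC element, and the element count is capped (element_limit is this
    example's choice). Returns "ok" or a string starting with "rejected:"."""
    seen = {"root": None, "elements": 0}

    def reject(*_args):
        raise ValueError("DOCTYPE or entity declaration present")

    def start(name, _attrs):
        if seen["root"] is None:
            seen["root"] = name
            if name not in ("methodCall", "methodResponse"):
                raise ValueError("unexpected root element <%s>" % name)
        seen["elements"] += 1
        if seen["elements"] > element_limit:
            raise ValueError("more than %d elements" % element_limit)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = reject   # fires on any <!DOCTYPE ...>
    parser.EntityDeclHandler = reject         # fires on any <!ENTITY ...>
    parser.StartElementHandler = start
    try:
        parser.Parse(doc, True)
    except ValueError as exc:
        return "rejected: %s" % exc
    except xml.parsers.expat.ExpatError as exc:
        return "rejected: malformed XML (%s)" % exc
    if seen["root"] is None:
        return "rejected: empty document"
    return "ok"


if __name__ == "__main__":
    payload = build_nested_entity_payload(depth=4, fanout=10)
    print("payload bytes:", len(payload))
    print("expanded text chars:", naive_expanded_text_size(payload))
    print("vet benign:", vet_xmlrpc_message(BENIGN_REQUEST))
    print("vet payload:", vet_xmlrpc_message(payload))
```

Keep depth and fanout small when running this: the amplification is exponential by construction, and the point of naive_expanded_text_size is to show the ratio, not to exhaust the machine. Rejecting the declaration before parsing, rather than trying to bound expansion afterwards, is what makes the check cheap and order-independent; the root-tag and element-count checks are defence in depth against other oversized or off-protocol documents reaching the XML-RPC dispatcher.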