[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] wordpress fixed

Moritz Muehlenhoff jmm at debian.org
Sun Apr 8 11:33:48 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f64b1adb by Moritz Muehlenhoff at 2018-04-08T12:33:24+02:00
wordpress fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -39,13 +39,13 @@ CVE-2018-9838 (The caml_ba_deserialize function in byterun/bigarray.c in the sta
 	NOTE: https://caml.inria.fr/mantis/view.php?id=7765
 	NOTE: Before 4.06.0+beta1 the code is present in otherlibs/bigarray/bigarray_stubs.c
 CVE-2018-XXXX [wordpress: Don't treat localhost as same host by default]
-	- wordpress <unfixed> (bug #895034)
+	- wordpress 4.9.5+dfsg1-1 (bug #895034)
 	NOTE: https://core.trac.wordpress.org/changeset/42894
 CVE-2018-XXXX [wordpress: Use safe redirects when redirecting the login page if SSL is forced]
-	- wordpress <unfixed> (bug #895034)
+	- wordpress 4.9.5+dfsg1-1 (bug #895034)
 	NOTE: https://core.trac.wordpress.org/changeset/42892
 CVE-2018-XXXX [wordpress: Make sure the version string is correctly escaped for use in generator tags]
-	- wordpress <unfixed> (bug #895034)
+	- wordpress 4.9.5+dfsg1-1 (bug #895034)
 	NOTE: https://core.trac.wordpress.org/changeset/42893
 CVE-2018-9837
 	RESERVED
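Review bot: the three wordpress entries updated in this hunk are still keyed as CVE-2018-XXXX placeholders, so the fixed version 4.9.5+dfsg1-1 is tied to them only through bug #895034 and the changeset NOTE lines. It is worth confirming that each referenced upstream changeset (42894, 42892, 42893) is included in the 4.9.5+dfsg1-1 upload, since all three lines receive the same version and share one bug number. The placeholders should be replaced once CVE IDs are assigned, so the fix records stay searchable by identifier.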
@@ -9151,12 +9151,13 @@ CVE-2018-6391 (A cross-site request forgery web vulnerability has been discovere
 CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 ...)
 	NOT-FOR-US: Kingsoft WPS Office
 CVE-2018-6389 (In WordPress through 4.9.2, unauthenticated attackers can cause a ...)
-	- wordpress <unfixed>
+	- wordpress <unfixed> (unimportant)
 	NOTE: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
 	NOTE: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
 	NOTE: https://wpvulndb.com/vulnerabilities/9021
 	NOTE: disputed by upstream as best fixed at the server level
 	NOTE: patch in progress in https://core.trac.wordpress.org/ticket/43308
+	NOTE: Architectual limitation, marginal impact
 CVE-2018-6388 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote ...)
 	NOT-FOR-US: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices
 CVE-2018-6387 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded ...)
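Review bot: the added NOTE under CVE-2018-6389 misspells "Architectural" as "Architectual". The same line is also the only stated reason for the new (unimportant) tag, and "marginal impact" is terse next to the CVE description's "unauthenticated attackers can cause a ..." and the existing note "patch in progress in https://core.trac.wordpress.org/ticket/43308". Consider expanding the note to say why the impact is marginal, for example by tying it to the existing "disputed by upstream as best fixed at the server level" line, so the downgrade is justified in the entry itself.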



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f64b1adb6a85f8584530f33cd85e59ec6f4fed2e
