[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] add wordpress to dla-needed, add details in the issue

Antoine Beaupré anarcat at debian.org
Fri Feb 16 21:38:21 UTC 2018 

Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73ccae4c by Antoine Beaupré at 2018-02-16T16:33:14-05:00
add wordpress to dla-needed, add details in the issue

this seems like a severe enough to warrant a patch, even though
upstream isn't ready yet.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2190,6 +2190,8 @@ CVE-2018-6389 (In WordPress through 4.9.2, unauthenticated attackers can cause a
 	NOTE: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
 	NOTE: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
 	NOTE: https://wpvulndb.com/vulnerabilities/9021
+	NOTE: disputed by upstream as best fixed at the server level
+	NOTE: patch in progress in https://core.trac.wordpress.org/ticket/43308
 CVE-2018-6388 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote ...)
 	NOT-FOR-US: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices
 CVE-2018-6387 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded ...)


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -90,3 +90,5 @@ suricata (Santiago R.R.)
   NOTE: upstream and ask for a clarification?
 --
 wavpack
+--
+wordpress



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73ccae4c91a7881dffcd7471dfc7c4b8c3be76bb

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73ccae4c91a7881dffcd7471dfc7c4b8c3be76bb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180216/457387d3/attachment.html>

More information about the Secure-testing-commits mailing list