[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add note for wordpress status on CVE-2018-5776
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 23 19:51:43 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c288c98a by Salvatore Bonaccorso at 2018-01-23T20:48:58+01:00
Add note for wordpress status on CVE-2018-5776
Tracking would have been actually enough to track 4.1+dfsg-1 as fixing
version since that version removed the two problematic files, and those
were never again introduced (they are *not* present in 4.9.1+dfsg-1 for
example, but upstream 4.9.2 then removed the whole problematic
mediaelement part).
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -624,6 +624,10 @@ CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in ...
- wordpress 4.9.2+dfsg-1 (bug #887596)
[stretch] - wordpress <not-affected> (Vulnerable files have been removed before)
[jessie] - wordpress <not-affected> (Vulnerable files have been removed before)
+ NOTE: For jessie and stretch version the files silverlightmediaelement.xap and
+ NOTE: flashmediaelement.swf have been removed with the 4.1+dfsg-1 version.
+ NOTE: sid in version 4.9.1+dfsg-1 did as well *not* have the files but track here the
+ NOTE: final wordpress version 4.9.2 which finally removed the mediaelement files.
NOTE: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
NOTE: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
CVE-2018-5772 (In Exiv2 0.26, there is a segmentation fault caused by uncontrolled ...)
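Review bot: The added NOTE lines say silverlightmediaelement.xap and flashmediaelement.swf were already gone as of 4.1+dfsg-1 and were absent in 4.9.1+dfsg-1, yet the unstable entry in the context above still records 4.9.2+dfsg-1 as the fixed version, so anyone comparing an intermediate sid version against that entry would read it as vulnerable. The third and fourth NOTE lines explain the choice only indirectly; it would be clearer to state outright that 4.9.2+dfsg-1 is tracked because it matches the upstream fix, while Debian packages since 4.1+dfsg-1 do not ship the two files. As smaller points, "For jessie and stretch version" in the first NOTE should read "versions", and the third NOTE line runs noticeably longer than its neighbours and could be rewrapped.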
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c288c98a6bf62ba3cf772f85fbe436c095ab5842