[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add note for wordpress status on CVE-2018-5776

Salvatore Bonaccorso carnil at debian.org
Tue Jan 23 19:51:43 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c288c98a by Salvatore Bonaccorso at 2018-01-23T20:48:58+01:00
Add note for wordpress status on CVE-2018-5776

Tracking would have been actually enough to track 4.1+dfsg-1 as fixing
version since that version removed the two problematic files, and those
were never again introduced (they are *not* present in 4.9.1+dfsg-1 for
example, but upstream 4.9.2 then removed the whole problematic
mediaelement part).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -624,6 +624,10 @@ CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in ...
 	- wordpress 4.9.2+dfsg-1 (bug #887596)
 	[stretch] - wordpress <not-affected> (Vulnerable files have been removed before)
 	[jessie] - wordpress <not-affected> (Vulnerable files have been removed before)
+	NOTE: For jessie and stretch version the files silverlightmediaelement.xap and
+	NOTE: flashmediaelement.swf have been removed with the 4.1+dfsg-1 version.
+	NOTE: sid in version 4.9.1+dfsg-1 did as well *not* have the files but track here the
+	NOTE: final wordpress version 4.9.2 which finally removed the mediaelement files.
 	NOTE: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
 	NOTE: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
 CVE-2018-5772 (In Exiv2 0.26, there is a segmentation fault caused by uncontrolled ...)
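Review bot: the unchanged line `- wordpress 4.9.2+dfsg-1 (bug #887596)` and the four added NOTE lines disagree on where the fix landed. The notes say silverlightmediaelement.xap and flashmediaelement.swf were removed with 4.1+dfsg-1 and were also absent from 4.9.1+dfsg-1, yet the fixed version stays at 4.9.2+dfsg-1, so only the free-text notes tell a reader that earlier sid versions did not ship the files. Consider either recording 4.1+dfsg-1 as the fixed version, or saying explicitly in the NOTE that 4.9.2+dfsg-1 is kept on purpose to match the upstream release that removed the mediaelement files. Minor wording: "For jessie and stretch version" reads better as "For the jessie and stretch versions", and the third NOTE line runs noticeably longer than its neighbours.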



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c288c98a6bf62ba3cf772f85fbe436c095ab5842
