[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 5 commits: CVE-2012-6707, wordpress: Follow Jessie and Co. Can be postponed.
Markus Koschany
apo at debian.org
Tue Jan 30 17:53:18 UTC 2018
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1ef171d1 by Markus Koschany at 2018-01-30T18:26:00+01:00
CVE-2012-6707,wordpress: Follow Jessie and Co. Can be postponed.
- - - - -
9e1cc5d7 by Markus Koschany at 2018-01-30T18:51:14+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker
- - - - -
577c17e5 by Markus Koschany at 2018-01-30T18:52:02+01:00
CVE-2018-5776,wordpress. Flash media files were removed previously.
- - - - -
fa569d03 by Markus Koschany at 2018-01-30T18:52:44+01:00
Remove wordpress from dla-needed.txt
- - - - -
c3ed204e by Markus Koschany at 2018-01-30T18:53:05+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1610,6 +1610,7 @@ CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in ...
- wordpress 4.9.2+dfsg-1 (bug #887596)
[stretch] - wordpress <not-affected> (Vulnerable files have been removed before)
[jessie] - wordpress <not-affected> (Vulnerable files have been removed before)
+ [wheezy] - wordpress <not-affected> (Vulnerable files have been removed before)
NOTE: For jessie and stretch version the files silverlightmediaelement.xap and
NOTE: flashmediaelement.swf have been removed with the 4.1+dfsg-1 version.
NOTE: sid in version 4.9.1+dfsg-1 did as well *not* have the files but track here the
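Review bot: the added [wheezy] line states "Vulnerable files have been removed before", but the NOTE lines directly below it document the removal only for jessie and stretch ("removed with the 4.1+dfsg-1 version"). Please extend that NOTE to name wheezy, or add one recording which wheezy version no longer ships silverlightmediaelement.xap and flashmediaelement.swf, so the not-affected status can be checked from the tracker entry itself.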
@@ -20918,6 +20919,7 @@ CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing ..
- wordpress <unfixed> (bug #880868)
[stretch] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
[jessie] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
+ [wheezy] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
NOTE: https://core.trac.wordpress.org/ticket/21022
NOTE: Proposed patch (but not merged): https://core.trac.wordpress.org/attachment/ticket/21022/21022.3.diff
NOTE: Cf. https://core.trac.wordpress.org/ticket/21022#comment:80 and following.
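Review bot: the added [wheezy] line copies the wording "can be revisited with upstream has picked a new hashing solution" from the stretch and jessie lines, where "with" reads as a typo for "when". Since this entry is being touched anyway, consider correcting the phrase on all three release lines so the postponement condition is unambiguous.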
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -61,12 +61,5 @@ openjdk-7 (Emilio Pozuelo)
--
p7zip
--
-wordpress
- NOTE: CVE-2012-6707: Fix requires migrating users from MD5 -> bcrypt. (lamby)
- NOTE: This needs an upstream fix first, to ensure we don't implement a
- NOTE: solution that is incompatable with other distributions. (Brian)
- NOTE: 2018-08-09: Upstream bug opened 6 years ago and no chages to upstream
- NOTE: bug in 7 weeks.
---
xen
--
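Review bot: removing the wordpress block from dla-needed.txt drops the only visible record of why the fix is blocked, namely that it "requires migrating users from MD5 -> bcrypt" and "needs an upstream fix first" to stay compatible with other distributions. The [wheezy] postponed line added in data/CVE/list says only "Minor issue", so consider carrying that rationale over as a NOTE under CVE-2012-6707 there before deleting it here.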
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/bb9d200e14fa0c2091ce355735ba2afc2266231a...c3ed204ef455168784d8e5341d88f6179d8acac4