[Git][security-tracker-team/security-tracker][master] Mark CVE-2019-8943/wordpress as unfixed
Salvatore Bonaccorso
carnil at debian.org
Sun Apr 14 20:03:19 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fbf143c2 by Salvatore Bonaccorso at 2019-04-14T19:01:43Z
Mark CVE-2019-8943/wordpress as unfixed
Whilst the RCE part of the Ripstech blog posted issue was fixed, the CVE
is specifically for the path traversal issue which is still open.
Wordpress maintainer confirmed that the issue persists, but we might
weigh the CVE differently with lower severity now.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6386,7 +6386,7 @@ CVE-2019-8945
CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step in Octo ...)
NOT-FOR-US: Terraform
CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ...)
- - wordpress <undetermined> (bug #923583)
+ - wordpress <unfixed> (bug #923583)
NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
NOTE: The code execution angle is fixed via gd security, details on the rest are murky.
NOTE: This CVE is explicitly for the mentioned Path Traversal in wp_crop_image().
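Review bot: The unchanged context line "NOTE: The code execution angle is fixed via gd security, details on the rest are murky." now sits under an entry marked <unfixed>, and nothing in the entry records why the status moved from <undetermined>. The commit message says the WordPress maintainer confirmed that the path traversal persists; that confirmation belongs in the entry itself as an extra NOTE line (with a pointer to where it was stated, for example the existing bug #923583 if that is where it happened), and the "murky" wording should be reworded or dropped so the notes agree with the new status. The commit message also raises a possibly lower severity, but the changed line "- wordpress <unfixed> (bug #923583)" carries no severity annotation; once that is decided it should be recorded on the entry rather than only in the commit log.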
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbf143c27fc0fbfa094ed86db1f67b82ff11ade5