[Git][security-tracker-team/security-tracker][master] Splitup temporary entry for Wordpress into two assigned CVEs
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 26 20:53:47 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8f24f42c by Salvatore Bonaccorso at 2019-12-26T20:53:09Z
Splitup temporary entry for Wordpress into two assigned CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1074,10 +1074,17 @@ CVE-2019-19835
RESERVED
CVE-2019-19834
RESERVED
-CVE-2019-XXXX [several vulnerabilities fixed in WordPress 5.3.1]
+CVE-2019-16781
- wordpress <unfixed> (bug #946905)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v
+ NOTE: https://hackerone.com/reports/731301
+ NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
+CVE-2019-16780
+ - wordpress <unfixed> (bug #946905)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/505dd6a20b6fc3d06130018c1caeff764248c29e
+ NOTE: https://hackerone.com/reports/738644
NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
- TODO: asked maintainer to request CVEs with more insight
CVE-2019-19833 (In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shu ...)
NOT-FOR-US: Tautulli
CVE-2019-19832 (Xerox AltaLink C8035 printers allow CSRF. A request to add users is ma ...)
@@ -15895,10 +15902,6 @@ CVE-2019-16782 (There's a possible information leak / session hijack vulnerabili
- ruby-rack <unfixed> (bug #946983)
NOTE: https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
NOTE: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
-CVE-2019-16781 (In WordPress before 5.3.1, authenticated users with lower privileges ( ...)
- TODO: check
-CVE-2019-16780 (WordPress users with lower privileges (like contributors) can inject J ...)
- TODO: check
CVE-2019-16779 (In RubyGem excon before 0.71.0, there was a race condition around pers ...)
- ruby-excon <unfixed> (bug #946904)
NOTE: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f24f42cfb25a867ad7e65a2f9a61b0427408189
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f24f42cfb25a867ad7e65a2f9a61b0427408189
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191226/d66f311d/attachment.html>
More information about the debian-security-tracker-commits
mailing list