[Git][security-tracker-team/security-tracker][master] Splitup temporary entry for Wordpress into two assigned CVEs

Thu Dec 26 20:53:47 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f24f42c by Salvatore Bonaccorso at 2019-12-26T20:53:09Z
Splitup temporary entry for Wordpress into two assigned CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1074,10 +1074,17 @@ CVE-2019-19835
 	RESERVED
 CVE-2019-19834
 	RESERVED
-CVE-2019-XXXX [several vulnerabilities fixed in WordPress 5.3.1]
+CVE-2019-16781
 	- wordpress <unfixed> (bug #946905)
+	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v
+	NOTE: https://hackerone.com/reports/731301
+	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
+CVE-2019-16780
+	- wordpress <unfixed> (bug #946905)
+	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94
+	NOTE: https://github.com/WordPress/wordpress-develop/commit/505dd6a20b6fc3d06130018c1caeff764248c29e
+	NOTE: https://hackerone.com/reports/738644
 	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
-	TODO: asked maintainer to request CVEs with more insight
 CVE-2019-19833 (In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shu ...)
 	NOT-FOR-US: Tautulli
 CVE-2019-19832 (Xerox AltaLink C8035 printers allow CSRF. A request to add users is ma ...)
@@ -15895,10 +15902,6 @@ CVE-2019-16782 (There's a possible information leak / session hijack vulnerabili
 	- ruby-rack <unfixed> (bug #946983)
 	NOTE: https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
 	NOTE: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
-CVE-2019-16781 (In WordPress before 5.3.1, authenticated users with lower privileges ( ...)
-	TODO: check
-CVE-2019-16780 (WordPress users with lower privileges (like contributors) can inject J ...)
-	TODO: check
 CVE-2019-16779 (In RubyGem excon before 0.71.0, there was a race condition around pers ...)
 	- ruby-excon <unfixed> (bug #946904)
 	NOTE: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f24f42cfb25a867ad7e65a2f9a61b0427408189

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f24f42cfb25a867ad7e65a2f9a61b0427408189
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191226/d66f311d/attachment.html>
