[Git][security-tracker-team/security-tracker][master] Triage CVE-2019-8943 in wordpress for jessie LTS.
Chris Lamb
lamby at debian.org
Tue Jun 4 10:29:55 BST 2019
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
51b3f49f by Chris Lamb at 2019-06-04T09:29:43Z
Triage CVE-2019-8943 in wordpress for jessie LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9988,6 +9988,7 @@ CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step in
NOT-FOR-US: Terraform
CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ...)
- wordpress <unfixed> (bug #923583)
+ [jessie] - wordpress <no-dsa> (Patching CVE-2019-8942 makes CVE-2019-8943 unexploitable)
NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
NOTE: The code execution angle is fixed via gd security, details on the rest are murky.
NOTE: This CVE is explicitly for the mentioned Path Traversal in wp_crop_image().
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/51b3f49fef4cc26381c3d6e25ef83c0309263fb5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/51b3f49fef4cc26381c3d6e25ef83c0309263fb5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190604/2fa17fc3/attachment.html>
More information about the debian-security-tracker-commits
mailing list