[Git][security-tracker-team/security-tracker][master] Revert "CVE-2017-1000600 and CVE-2018-1000773 are for the same underlying problem in wordpress."

Salvatore Bonaccorso carnil at debian.org
Mon Jun 10 07:24:55 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3a810f1 by Salvatore Bonaccorso at 2019-06-10T06:24:28Z
Revert "CVE-2017-1000600 and CVE-2018-1000773 are for the same underlying problem in wordpress."

This reverts commit 94190ded68b383d8244977a1a6e2b2314e21c119.

The used version is not a valid unstable version.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41729,8 +41729,7 @@ CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversa
 CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference vuln ...)
 	NOT-FOR-US: zephyr-rtos
 CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...)
-	- wordpress 4.1+dfsg-1+deb8u17
-	NOTE: See CVE-2017-1000600. That CVE is not completely fixed in wordpress 4.9.
+	- wordpress <undetermined>
 CVE-2018-1000673
 	REJECTED
 CVE-2018-1000671 (sympa version 6.2.16 and later contains a CWE-601: URL Redirection to  ...)
@@ -41766,16 +41765,11 @@ CVE-2018-1000659 (LimeSurvey version 3.14.4 and earlier contains a directory tra
 CVE-2018-1000658 (LimeSurvey version prior to 3.14.4 contains a file upload vulnerabilit ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2017-1000600 (WordPress version <4.9 contains a CWE-20 Input Validation vulnerabi ...)
-	- wordpress 4.1+dfsg-1+deb8u17
+	- wordpress <undetermined>
 	NOTE: https://www.securityfocus.com/bid/105305/references
 	NOTE: https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/
 	NOTE: https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf
-	NOTE: https://www.youtube.com/watch?v=GePBmsNJw6Y&feature=youtu.be&t=1763
 	NOTE: https://twitter.com/_s_n_t/status/1030573635617124353
-	NOTE: Wordpress before 4.9 is vulnerable on its own. After 4.9 you need to have
-        NOTE: vulnerable module installed on the site as well. This may affect the severity
-	NOTE: and importance of fixing but it should not be considered as undetermined.
-        NOTE: For wordpress 4.9 and later CVE-2018-1000773 has been issued.
 CVE-2018-16553
 	RESERVED
 CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/ ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3a810f10bc409aa1cb6b5dd2876b152c8a384f0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3a810f10bc409aa1cb6b5dd2876b152c8a384f0
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190610/126f8b28/attachment.html>

More information about the debian-security-tracker-commits mailing list