[Git][security-tracker-team/security-tracker][master] CVEs assigned for issues fixed in WordPress 5.2.4 release
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 17 21:17:12 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
db99c356 by Salvatore Bonaccorso at 2019-10-17T20:16:35Z
CVEs assigned for issues fixed in WordPress 5.2.4 release
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2032,20 +2032,6 @@ CVE-2019-17677
RESERVED
CVE-2019-17676 (app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a C ...)
TODO: check
-CVE-2019-17675 (WordPress before 5.2.4 does not properly consider type confusion durin ...)
- TODO: check
-CVE-2019-17674 (WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripti ...)
- TODO: check
-CVE-2019-17673 (WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON ...)
- TODO: check
-CVE-2019-17672 (WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject ...)
- TODO: check
-CVE-2019-17671 (In WordPress before 5.2.4, unauthenticated viewing of certain content ...)
- TODO: check
-CVE-2019-17670 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
- TODO: check
-CVE-2019-17669 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
- TODO: check
CVE-2019-17668 (Samsung Galaxy S10 and Note10 devices allow unlock operations via unre ...)
TODO: check
CVE-2019-17667 (Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML inj ...)
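Review bot: The seven WordPress entries deleted between CVE-2019-17676 and CVE-2019-17668 are removed from their descending-order position and re-created further down, after CVE-2019-17622, where the old CVE-2019-XXXX placeholder sat. The deleted lines are also the only ones in this change that carry the description text for CVE-2019-17675 through CVE-2019-17669. Consider filling the entries in place here instead, replacing each "TODO: check" with the package line and NOTEs, and deleting only the placeholder below. That keeps the list ordering and the descriptions intact.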
@@ -2142,12 +2128,43 @@ CVE-2019-17623
RESERVED
CVE-2019-17622
RESERVED
-CVE-2019-XXXX [WordPress 5.2.4 Security Release]
+CVE-2019-17675
+ - wordpress 5.2.4+dfsg1-1 (bug #942459)
+ NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
+ NOTE: https://core.trac.wordpress.org/changeset/46477
+ NOTE: https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
+ NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
+CVE-2019-17674
+ - wordpress 5.2.4+dfsg1-1 (bug #942459)
+ NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
+ NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
+CVE-2019-17673
+ - wordpress 5.2.4+dfsg1-1 (bug #942459)
+ NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
+ NOTE: https://core.trac.wordpress.org/changeset/46478
+ NOTE: https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
+ NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
+CVE-2019-17672
+ - wordpress 5.2.4+dfsg1-1 (bug #942459)
+ NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
+ NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
+CVE-2019-17671
+ - wordpress 5.2.4+dfsg1-1 (bug #942459)
+ NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
+ NOTE: https://core.trac.wordpress.org/changeset/46474
+ NOTE: https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
+CVE-2019-17670
- wordpress 5.2.4+dfsg1-1 (bug #942459)
+ NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
+ NOTE: https://core.trac.wordpress.org/changeset/46472
+ NOTE: https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
- NOTE: https://github.com/WordPress/WordPress/commit/2fc33ef47d3a4d48f03ef79d4aacf420da51bb54
+CVE-2019-17669
+ - wordpress 5.2.4+dfsg1-1 (bug #942459)
NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
- TODO: proper CVE assignments, Craig was asked if he can take it.
+ NOTE: https://core.trac.wordpress.org/changeset/46475
+ NOTE: https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea
+ NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
CVE-2019-17621
RESERVED
CVE-2019-17620
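Review bot: The placeholder's NOTE for https://github.com/WordPress/WordPress/commit/2fc33ef47d3a4d48f03ef79d4aacf420da51bb54 is dropped and not carried into any of the seven new entries, while CVE-2019-17674 and CVE-2019-17672 end up with no changeset or commit reference at all. If that commit fixes one of those two stored XSS issues, attach it to the matching entry; if the mapping is not known yet, leave a NOTE saying the fix commit is still to be identified so the reference is not lost. CVE-2019-17671 is also the only new entry without the wordpress.org/news NOTE that the other six carry.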
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/db99c356fcb9ce65f3ee0a8ca1b234936bb54519