[Git][security-tracker-team/security-tracker][master] wordpress issues got CVEified

Salvatore Bonaccorso carnil at debian.org
Wed Sep 11 21:23:40 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
607bff05 by Salvatore Bonaccorso at 2019-09-11T20:20:46Z
wordpress issues got CVEified

Upstream is very intransparent here on the fixes, so Craig did request
CVEs based on descriptions. Only for three of those there was a
possibility to relate to correct commits/changesets. The others are quite
unclear at this point.

Cf. https://bugs.debian.org/939543

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,19 +35,24 @@ CVE-2019-16225 (An issue was discovered in py-lmdb 0.97. For certain values of m
 CVE-2019-16224 (An issue was discovered in py-lmdb 0.97. For certain values of md_flag ...)
 	TODO: check
 CVE-2019-16223 (WordPress before 5.2.3 allows XSS in post previews by authenticated us ...)
-	TODO: check
+	- wordpress 5.2.3+dfsg1-1 (bug #939543)
 CVE-2019-16222 (WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_b ...)
-	TODO: check
+	- wordpress 5.2.3+dfsg1-1 (bug #939543)
+	NOTE: https://core.trac.wordpress.org/changeset/45997
+	NOTE: https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
 CVE-2019-16221 (WordPress before 5.2.3 allows reflected XSS in the dashboard. ...)
-	TODO: check
+	- wordpress 5.2.3+dfsg1-1 (bug #939543)
 CVE-2019-16220 (In WordPress before 5.2.3, validation and sanitization of a URL in wp_ ...)
-	TODO: check
+	- wordpress 5.2.3+dfsg1-1 (bug #939543)
+	NOTE: https://core.trac.wordpress.org/changeset/45971
+	NOTE: https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28
 CVE-2019-16219 (WordPress before 5.2.3 allows XSS in shortcode previews. ...)
-	TODO: check
+	- wordpress 5.2.3+dfsg1-1 (bug #939543)
 CVE-2019-16218 (WordPress before 5.2.3 allows XSS in stored comments. ...)
-	TODO: check
+	- wordpress 5.2.3+dfsg1-1 (bug #939543)
 CVE-2019-16217 (WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upl ...)
-	TODO: check
+	- wordpress 5.2.3+dfsg1-1 (bug #939543)
+	NOTE: https://core.trac.wordpress.org/changeset/45936
 CVE-2019-16216
 	RESERVED
 CVE-2019-16215
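Review bot: The CVE-2019-16217 entry gets only the Trac changeset NOTE (45936), while CVE-2019-16222 and CVE-2019-16220 each pair the Trac changeset with the matching github.com/WordPress/WordPress commit; adding the GitHub commit NOTE for 16217 as well would record the three identified fixes uniformly. The four entries left without any NOTE (CVE-2019-16223, CVE-2019-16221, CVE-2019-16219, CVE-2019-16218) swap "TODO: check" for a fixed-version line alone, so nothing in data/CVE/list records that the fixing changeset is still unidentified, which the commit message says is the case; a short NOTE or TODO on each would keep that gap visible.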
@@ -652,9 +657,6 @@ CVE-2019-15957
 	RESERVED
 CVE-2019-15956
 	RESERVED
-CVE-2019-XXXX [5.2.3 fixes several XSS and other security bugs]
-	- wordpress 5.2.3+dfsg1-1 (bug #939543)
-	TODO: needs proper split up after CVE assignment in individual entries
 CVE-2019-15955 (An issue was discovered in Total.js CMS 12.0.0. A low privilege user c ...)
 	NOT-FOR-US: Total.js CMS
 CVE-2019-15954 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user  ...)
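Review bot: Dropping the CVE-2019-XXXX placeholder is only complete if every issue fixed in 5.2.3 now has its own entry; the removed description reads "several XSS and other security bugs", so it is worth confirming against bug #939543 that no item from the upstream release is left without a CVE before the "needs proper split up" TODO goes away, and keeping a temporary entry for anything still unassigned.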



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/607bff057b0cc8afaff2a488f182fe1b6dc4aa69
