[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-29447/wordpress as unimportant

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5aff759e by Salvatore Bonaccorso at 2021-04-16T10:31:08+02:00
Mark CVE-2021-29447/wordpress as unimportant

Rationale: The issue is present sourcewise up to the fixed version 5.7.1
but is vulnerable only when running under PHP8. The default PHP version
for unstable/bullseye is at time of commiting not yet 8.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4280,8 +4280,9 @@ CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet trac
 CVE-2021-29448 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
 	NOT-FOR-US: Pi-hole
 CVE-2021-29447 (Wordpress is an open source CMS. A user with the ability to upload fil ...)
-	- wordpress <unfixed>
+	- wordpress <unfixed> (unimportant)
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh
+	NOTE: Only an issue when installation runs under PHP8.
 CVE-2021-29446
 	RESERVED
 CVE-2021-29445



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aff759e93683d41842997f7ff90466bf24fa45f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aff759e93683d41842997f7ff90466bf24fa45f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210416/d6fc9b97/attachment-0001.htm>