[Git][security-tracker-team/security-tracker][master] Add tracking for CVE-2021-29476

Salvatore Bonaccorso carnil at debian.org
Thu Apr 29 06:31:14 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b68cf9bf by Salvatore Bonaccorso at 2021-04-29T07:29:59+02:00
Add tracking for CVE-2021-29476

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5361,7 +5361,16 @@ CVE-2021-29478
 CVE-2021-29477
 	RESERVED
 CVE-2021-29476 (Requests is a HTTP library written in PHP. Requests mishandles deseria ...)
-	TODO: check
+	- wordpress 5.5.3+dfsg1-1
+	[buster] - wordpress 5.0.11+dfsg1-0+deb10u1
+	[stretch] - wordpress 4.7.19+dfsg-1+deb9u1
+	NOTE: https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54
+	NOTE: https://github.com/rmccue/Requests/pull/421
+	NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+	NOTE: https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
+	NOTE: The CVE directly correspond to CVE-2020-28032 for wordpress and we can track
+	NOTE: same versions as fixed. Strictly speaking CVE-2021-29476 is for the PHP Requests
+	NOTE: library directly.
 CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
 	NOT-FOR-US: HedgeDoc
 CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
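Review bot: The three added wordpress lines under CVE-2021-29476 cover only the wordpress source package, while the closing NOTE lines say the CVE is strictly for the PHP Requests library itself. If any other source package in the archive ships or embeds Requests, it needs its own line here; otherwise a short NOTE stating that wordpress is the only carrier would record that this was checked. The release NOTE points at the 5.5.2 announcement while the unstable line records 5.5.3+dfsg1-1, so it would help to say that this was the first upload containing the fix, if that is the case. Minor wording: "The CVE directly correspond to" should read "corresponds to".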



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b68cf9bf95a21ddc1b56bc89df736addd63a4d98
