[Git][security-tracker-team/security-tracker][master] Add tracking for CVE-2021-44223/wordpress
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 25 20:20:11 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fa760ca8 by Salvatore Bonaccorso at 2021-11-25T21:19:13+01:00
Add tracking for CVE-2021-44223/wordpress
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,13 @@
CVE-2021-44224
RESERVED
CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin header. T ...)
- TODO: check
+ - wordpress 5.8.1+dfsg1-1
+ [bullseye] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
+ [buster] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
+ NOTE: WordPress 5.8 introduces a new "Update URI" plugin header. Further mitigation
+ NOTE: options documented in:
+ NOTE: https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
+ NOTE: https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/
CVE-2021-44222
RESERVED
CVE-2021-44221
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa760ca8a8a5261671dac178421c4ea1e222cdb6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa760ca8a8a5261671dac178421c4ea1e222cdb6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211125/aece5799/attachment.htm>
More information about the debian-security-tracker-commits
mailing list