[Git][security-tracker-team/security-tracker][master] 3 commits: wordpress,6.0.2,5.0.17: Link to upstream fix
Markus Koschany (@apo)
apo at debian.org
Mon Oct 10 14:22:20 BST 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9df40ceb by Markus Koschany at 2022-10-10T15:17:01+02:00
wordpress,6.0.2,5.0.17: Link to upstream fix
This changeset addresses at least one security issue mentioned in upstream's
security advisory. Not sure if upstream will request more CVEs or if the
temporary CVE covers all three security vulnerabilities.
- - - - -
c633bbc5 by Markus Koschany at 2022-10-10T15:21:03+02:00
CVE-2019-17670,wordpress: remove no-dsa tag for upcoming release
- - - - -
24bdaa92 by Markus Koschany at 2022-10-10T15:22:08+02:00
Reserve DLA-3141-1 for wordpress
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -8533,6 +8533,7 @@ CVE-2022-XXXX [wordpress 6.0.2]
- wordpress 6.0.2+dfsg1-1 (bug #1018863)
[bullseye] - wordpress <no-dsa> (Minor issue)
NOTE: https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/
+ NOTE: https://core.trac.wordpress.org/changeset/53973
CVE-2022-39079
RESERVED
CVE-2022-39078
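Review bot: The added `NOTE: https://core.trac.wordpress.org/changeset/53973` line in the CVE-2022-XXXX [wordpress 6.0.2] entry does not say which issue the changeset fixes. The commit message states it addresses at least one of the issues in the upstream advisory, so consider annotating the NOTE with the issue it covers; that makes the entry easier to split if separate CVE IDs are assigned later.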
@@ -216959,7 +216960,6 @@ CVE-2019-17671 (In WordPress before 5.2.4, unauthenticated viewing of certain co
CVE-2019-17670 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
{DLA-2371-1 DLA-1980-1}
- wordpress 5.2.4+dfsg1-1 (bug #942459)
- [buster] - wordpress <no-dsa> (Minor issue)
NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
NOTE: https://core.trac.wordpress.org/changeset/46472
NOTE: https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
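Review bot: With `[buster] - wordpress <no-dsa> (Minor issue)` removed, the CVE-2019-17670 entry carries no buster status at all, and its cross-reference line still reads `{DLA-2371-1 DLA-1980-1}`. Check that DLA-3141-1, which data/DLA/list reserves for this CVE in the same push, ends up in that cross-reference once the update is released.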
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Oct 2022] DLA-3141-1 wordpress - security update
+ {CVE-2019-17670}
+ [buster] - wordpress 5.0.17+dfsg1-0+deb10u1
[07 Oct 2022] DLA-3140-1 libpgjava - security update
{CVE-2022-31197}
[buster] - libpgjava 42.2.5-2+deb10u2
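Review bot: The new DLA-3141-1 entry lists only `{CVE-2019-17670}`, although the first commit of this push names 5.0.17 in its title and links the upstream fix under the temporary CVE-2022-XXXX entry. If 5.0.17+dfsg1-0+deb10u1 also carries that fix, the brace list will need amending when a real CVE ID replaces the placeholder.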
=====================================
data/dla-needed.txt
=====================================
@@ -225,10 +225,6 @@ wireshark
wkhtmltopdf
NOTE: 20220904: Programming language: C++.
--
-wordpress (Markus Koschany)
- NOTE: 20220911: Programming language: PHP
- NOTE: 20220911: Further investigation needed to see what parts of 6.0.2 update that applies to buster.
---
zabbix
NOTE: 20220911: At least CVE-2022-23134 was fixed in stretch so it should be fixed in buster too.
--
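Review bot: Removing the wordpress entry also removes the open question in its second NOTE (which parts of the 6.0.2 update apply to buster), and the answer is not recorded anywhere in this push: the CVE-2022-XXXX entry in data/CVE/list has a `[bullseye]` line but no `[buster]` line. Suggest adding a buster status or a NOTE there with the outcome of the investigation.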
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/84134c5ebbcc3d5b6bc92073354c07d11ce1c0d9...24bdaa923ea3a7356af971467f5bdc1edb5000a6