[Git][security-tracker-team/security-tracker][master] wordpress CVE assignments for issues fixed back in 6.0.3

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ddd79095 by Moritz Muehlenhoff at 2023-02-16T16:20:19+01:00
wordpress CVE assignments for issues fixed back in 6.0.3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9522,7 +9522,7 @@ CVE-2023-22624 (Zoho ManageEngine Exchange Reporter Plus before 5708 allows atta
 CVE-2023-22623
 	RESERVED
 CVE-2023-22622 (WordPress through 6.1.1 depends on unpredictable client visits to caus ...)
-	TODO: check
+	- wordpress <not-affected> (Not an issue for packaged WordPress)
 CVE-2023-22621
 	RESERVED
 CVE-2023-22620
@@ -27739,11 +27739,20 @@ CVE-2022-43509 (Out-of-bounds write vulnerability exists in CX-Programmer v.9.77
 CVE-2022-43508 (Use-after free vulnerability exists in CX-Programmer v.9.77 and earlie ...)
 	NOT-FOR-US: CX-Programmer
 CVE-2022-43504 (Improper authentication vulnerability in WordPress versions prior to 6 ...)
-	TODO: check
+	- wordpress 6.0.3+dfsg1-1 (bug #1022575)
+	[bullseye] - wordpress 5.7.8+dfsg1-0+deb11u1
+	[buster] - wordpress <postponed> (wait for CVE assignment)
+	NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
 CVE-2022-43500 (Cross-site scripting vulnerability in WordPress versions prior to 6.0. ...)
-	TODO: check
+	- wordpress 6.0.3+dfsg1-1 (bug #1022575)
+	[bullseye] - wordpress 5.7.8+dfsg1-0+deb11u1
+	[buster] - wordpress <postponed> (wait for CVE assignment)
+	NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
 CVE-2022-43497 (Cross-site scripting vulnerability in WordPress versions prior to 6.0. ...)
-	TODO: check
+	- wordpress 6.0.3+dfsg1-1 (bug #1022575)
+	[bullseye] - wordpress 5.7.8+dfsg1-0+deb11u1
+	[buster] - wordpress <postponed> (wait for CVE assignment)
+	NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
 CVE-2022-43487 (Cross-site scripting vulnerability in Salon booking system versions pr ...)
 	NOT-FOR-US: Salon booking system
 CVE-2022-43484 (TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLU ...)
@@ -39923,6 +39932,7 @@ CVE-2022-XXXX [wordpress 6.0.3]
 	[bullseye] - wordpress 5.7.8+dfsg1-0+deb11u1
 	[buster] - wordpress <postponed> (wait for CVE assignment)
 	NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
+	NOTE: Some issues covered by CVE-2022-43497, CVE-2022-43500 and CVE-2022-43504
 CVE-2022-XXXX [wordpress 6.0.2]
 	- wordpress 6.0.2+dfsg1-1 (bug #1018863)
 	[bullseye] - wordpress 5.7.8+dfsg1-0+deb11u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddd7909526d9da68251fc5e7287b5d6cb7d25cf9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddd7909526d9da68251fc5e7287b5d6cb7d25cf9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230216/9167c12c/attachment.htm>