[Git][security-tracker-team/security-tracker][master] 2 commits: Update wordpress temp CVE. Bullseye and Buster are not affected

Markus Koschany (@apo) apo at debian.org
Tue Jun 20 23:07:27 BST 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1054a9e1 by Markus Koschany at 2023-06-21T00:04:59+02:00
Update wordpress temp CVE. Bullseye and Buster are not affected

Block templates were introduced later, apparently in version 5.8.

https://github.com/WordPress/WordPress/commit/4ae0e4220f0c01005afa0dcbb74979c0d5cb9abc

- - - - -
0c3b15a8 by Markus Koschany at 2023-06-21T00:07:15+02:00
Reserve DLA-3462-1 for wordpress

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2757,8 +2757,12 @@ CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) conta
 CVE-2023-XXXX [Block themes parsing shortcodes in user-generated data]
 	- wordpress 6.2.2+dfsg1-1 (bug #1036689)
 	[bookworm] - wordpress <postponed> (Minor issue, fix along in future update)
-	[bullseye] - wordpress <postponed> (Minor issue, fix along in future update)
+	[bullseye] - wordpress <not-affected> (Block template support was introduced later)
+	[buster] - wordpress <not-affected> (Block template support was introduced later)
 	NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/
+	NOTE: https://github.com/WordPress/WordPress/commit/6a077b35f15590a843ff8a6c97a135f3a34872dd
+	NOTE: Upstream reverted the change because it broke countless wordpress installations
+	NOTE: https://github.com/WordPress/WordPress/commit/2bb3a5169548d16173cf48ca9da1111efc428f86
 CVE-2023-33983 (The Introduction Client in Briar through 1.5.3 does not implement out- ...)
 	- briar <itp> (bug #1019932)
 CVE-2023-33982 (Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward  ...)
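
Review bot: In the CVE-2023-XXXX entry, the three added NOTE lines do not say which of the two upstream commit URLs is the fix and which is the revert, and the revert note sits directly under a line that still records 6.2.2+dfsg1-1 as the fixed version. Suggest labelling each URL (for example "NOTE: Fixed by: ..." and "NOTE: Reverted by: ...") and re-checking whether the unstable fixed version and the bookworm "postponed" status still hold after the upstream revert. The reason "Block template support was introduced later" on the [bullseye] and [buster] lines would also be easier to verify if the entry carried, as a NOTE, the version (5.8) and the WordPress commit that the commit message cites for it.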


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Jun 2023] DLA-3462-1 wordpress - security update
+	{CVE-2023-2745}
+	[buster] - wordpress 5.0.19+dfsg1-0+deb10u1
 [20 Jun 2023] DLA-3461-1 libfastjson - security update
 	{CVE-2020-12762}
 	[buster] - libfastjson 0.99.8-2+deb10u1
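
Review bot: The CVE set on the new DLA-3462-1 entry is only {CVE-2023-2745}. That is consistent with the [buster] not-affected marking added to data/CVE/list in the same push, but nothing in the visible lines shows which other wordpress issues were triaged for 5.0.19+dfsg1-0+deb10u1, so confirm the list in braces is complete before the advisory text is generated from it.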


=====================================
data/dla-needed.txt
=====================================
@@ -278,9 +278,6 @@ webkit2gtk (Emilio)
   NOTE: 20230606: one issue remaining (cmake), but call for testing sent out already:
   NOTE: 20230606: https://lists.debian.org/debian-lts/2023/06/msg00005.html (pochu)
 --
-wordpress (Markus Koschany)
-  NOTE: 20230614: Added by Front-Desk (opal)
---
 xmltooling (Santiago)
   NOTE: 20230613: Added by Santiago
   NOTE: 20230613: According to dsa-needed, maintainers will prepare updates.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/066c20b60fd2f497e274532eb6ec77c2e9de47e1...0c3b15a855ab5aa17e52474c4df239b81ea82c4b
