[Git][security-tracker-team/security-tracker][master] 2 commits: Remove wordpress from dla-needed.txt

Markus Koschany (@apo) apo at debian.org
Wed May 8 22:36:03 BST 2024



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2c03299 by Markus Koschany at 2024-05-08T23:35:36+02:00
Remove wordpress from dla-needed.txt

- - - - -
d2c09af4 by Markus Koschany at 2024-05-08T23:35:38+02:00
Reserve DSA-5685-1 for wordpress

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -48363,8 +48363,6 @@ CVE-2023-5575 (Improper access control in the permission inheritance in Devoluti
 CVE-2023-5561 (WordPress does not properly restrict which user fields are searchable  ...)
 	{DLA-3658-1}
 	- wordpress 6.3.2+dfsg1-1
-	[bookworm] - wordpress <no-dsa> (Minor issue)
-	[bullseye] - wordpress <no-dsa> (Minor issue)
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
 	NOTE: https://core.trac.wordpress.org/changeset/56840/
 CVE-2023-5422 (The functions to fetch e-mail via POP3 or IMAP as well as sending e-ma ...)
@@ -48810,16 +48808,12 @@ CVE-2023-40682 (IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an
 CVE-2023-39999 (Exposure of Sensitive Information to an Unauthorized Actor in WordPres ...)
 	{DLA-3658-1}
 	- wordpress 6.3.2+dfsg1-1
-	[bookworm] - wordpress <no-dsa> (Minor issue)
-	[bullseye] - wordpress <no-dsa> (Minor issue)
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
 	NOTE: https://core.trac.wordpress.org/changeset/56843/
 CVE-2023-39960 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-38000 (Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability i ...)
 	- wordpress 6.3.2+dfsg1-1
-	[bookworm] - wordpress <no-dsa> (Minor issue)
-	[bullseye] - wordpress <not-affected> (Vulnerable code was introduced in 5.9)
 	[buster] - wordpress <not-affected> (Vulnerable code was introduced in 5.9)
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
 	NOTE: https://plugins.trac.wordpress.org/changeset/2978318/gutenberg/trunk/build/block-library/blocks/post-navigation-link.php
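Review bot: the removed `[bullseye] - wordpress <not-affected> (Vulnerable code was introduced in 5.9)` line under CVE-2023-38000 looks like it should stay. The buster line with the same reason is kept, and the bullseye upload named in data/DSA/list is 5.7.11+dfsg1-0+deb11u1, which predates 5.9. With the line gone and CVE-2023-38000 listed in DSA-5685-1, bullseye reads as fixed by the DSA rather than never affected. Suggest dropping only the bookworm `<no-dsa>` line for this CVE.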
@@ -68814,8 +68808,6 @@ CVE-2023-2756 (SQL Injection in GitHub repository pimcore/customer-data-framewor
 CVE-2023-2745 (WordPress Core is vulnerable to Directory Traversal in versions up to, ...)
 	{DLA-3462-1}
 	- wordpress 6.2.1+dfsg1-1 (bug #1036296)
-	[bookworm] - wordpress <postponed> (Minor issue, fix along in future update)
-	[bullseye] - wordpress <postponed> (Minor issue, fix along in future update)
 	NOTE: https://core.trac.wordpress.org/changeset?old=55765&new=55765
 	NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
 CVE-2023-2679 (Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[08 May 2024] DSA-5685-1 wordpress - security update
+	{CVE-2023-2745 CVE-2023-5561 CVE-2023-38000 CVE-2023-39999 CVE-2024-31210}
+	[bullseye] - wordpress 5.7.11+dfsg1-0+deb11u1
+	[bookworm] - wordpress 6.1.6+dfsg1-0+deb12u1
 [08 May 2024] DSA-5684-1 webkit2gtk - security update
 	{CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23252 CVE-2024-23254 CVE-2024-23263 CVE-2024-23280 CVE-2024-23284}
 	[bullseye] - webkit2gtk 2.44.1-1~deb11u1
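Review bot: CVE-2024-31210 is in the DSA-5685-1 CVE set, but unlike the other four CVEs no data/CVE/list hunk in this push touches its entry. Check that entry for leftover `[bookworm]` or `[bullseye]` annotations such as `<no-dsa>` or `<postponed>`, so they do not conflict with the fixed versions given here.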


=====================================
data/dla-needed.txt
=====================================
@@ -313,11 +313,6 @@ varnish
   NOTE: 20240122: Still fixing tests (abhijith)
   NOTE: 20240213: Fixing tests.(abhijith)
 --
-wordpress (Markus Koschany)
-  NOTE: 20240314: Added by coordinator (roberto)
-  NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye and
-  NOTE: 20240314: bookwork. Uploads to spu and ospu should be coordinated. (roberto)
---
 zookeeper
   NOTE: 20240324: Added by Front-Desk (ta)
   NOTE: 20240502: Persistent (and p-recursive) watches were introduced by ZOOKEEPER-1416, which only exists in 3.6+.
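Review bot: confirm the buster status of CVE-2024-31210 before the wordpress entry is dropped from dla-needed.txt. The data/CVE/list hunks show a DLA tag or a buster `<not-affected>` line for the other four CVEs in DSA-5685-1, but nothing visible covers this one, and removing the entry signals that no LTS work is pending.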



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c236e40b86d7c13b941c0eeebae7eb76503f3f72...d2c09af46ddeeff6a30f27ac2519881183e4b847
