[Git][security-tracker-team/security-tracker][master] 2 commits: Remove wordpress from dla-needed.txt
Markus Koschany (@apo)
apo at debian.org
Wed May 8 22:36:03 BST 2024
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a2c03299 by Markus Koschany at 2024-05-08T23:35:36+02:00
Remove wordpress from dla-needed.txt
- - - - -
d2c09af4 by Markus Koschany at 2024-05-08T23:35:38+02:00
Reserve DSA-5685-1 for wordpress
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -48363,8 +48363,6 @@ CVE-2023-5575 (Improper access control in the permission inheritance in Devoluti
CVE-2023-5561 (WordPress does not properly restrict which user fields are searchable ...)
{DLA-3658-1}
- wordpress 6.3.2+dfsg1-1
- [bookworm] - wordpress <no-dsa> (Minor issue)
- [bullseye] - wordpress <no-dsa> (Minor issue)
NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
NOTE: https://core.trac.wordpress.org/changeset/56840/
CVE-2023-5422 (The functions to fetch e-mail via POP3 or IMAP as well as sending e-ma ...)
@@ -48810,16 +48808,12 @@ CVE-2023-40682 (IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an
CVE-2023-39999 (Exposure of Sensitive Information to an Unauthorized Actor in WordPres ...)
{DLA-3658-1}
- wordpress 6.3.2+dfsg1-1
- [bookworm] - wordpress <no-dsa> (Minor issue)
- [bullseye] - wordpress <no-dsa> (Minor issue)
NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
NOTE: https://core.trac.wordpress.org/changeset/56843/
CVE-2023-39960 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-38000 (Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability i ...)
- wordpress 6.3.2+dfsg1-1
- [bookworm] - wordpress <no-dsa> (Minor issue)
- [bullseye] - wordpress <not-affected> (Vulnerable code was introduced in 5.9)
[buster] - wordpress <not-affected> (Vulnerable code was introduced in 5.9)
NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
NOTE: https://plugins.trac.wordpress.org/changeset/2978318/gutenberg/trunk/build/block-library/blocks/post-navigation-link.php
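Review bot: Dropping the `[bullseye] - wordpress <not-affected>` line from the CVE-2023-38000 entry looks inconsistent with the rest of this push. Its stated reason was that the vulnerable code was introduced in 5.9, the bullseye version recorded for DSA-5685-1 is 5.7.11+dfsg1-0+deb11u1, and the identical `[buster]` annotation is left in place. Either keep the bullseye line, or, if 5.7.x was found to be affected after all, record that in a NOTE and revisit the buster line as well. The `<no-dsa>` removals for bookworm and for CVE-2023-39999 look consistent with the DSA.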
@@ -68814,8 +68808,6 @@ CVE-2023-2756 (SQL Injection in GitHub repository pimcore/customer-data-framewor
CVE-2023-2745 (WordPress Core is vulnerable to Directory Traversal in versions up to, ...)
{DLA-3462-1}
- wordpress 6.2.1+dfsg1-1 (bug #1036296)
- [bookworm] - wordpress <postponed> (Minor issue, fix along in future update)
- [bullseye] - wordpress <postponed> (Minor issue, fix along in future update)
NOTE: https://core.trac.wordpress.org/changeset?old=55765&new=55765
NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
CVE-2023-2679 (Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows ...)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[08 May 2024] DSA-5685-1 wordpress - security update
+ {CVE-2023-2745 CVE-2023-5561 CVE-2023-38000 CVE-2023-39999 CVE-2024-31210}
+ [bullseye] - wordpress 5.7.11+dfsg1-0+deb11u1
+ [bookworm] - wordpress 6.1.6+dfsg1-0+deb12u1
[08 May 2024] DSA-5684-1 webkit2gtk - security update
{CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23252 CVE-2024-23254 CVE-2024-23263 CVE-2024-23280 CVE-2024-23284}
[bullseye] - webkit2gtk 2.44.1-1~deb11u1
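Review bot: CVE-2024-31210 is listed in the CVE set on the second added line, but none of the data/CVE/list hunks in this push touch its entry, whereas the other four CVEs each had their bookworm and bullseye annotations removed. Please check that the CVE-2024-31210 entry carries no leftover `<no-dsa>` or `<postponed>` line for those two suites that would conflict with the fixed versions given here.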
=====================================
data/dla-needed.txt
=====================================
@@ -313,11 +313,6 @@ varnish
NOTE: 20240122: Still fixing tests (abhijith)
NOTE: 20240213: Fixing tests.(abhijith)
--
-wordpress (Markus Koschany)
- NOTE: 20240314: Added by coordinator (roberto)
- NOTE: 20240314: Several CVEs fixed in LTS remain unfixed (no-dsa) in bullseye and
- NOTE: 20240314: bookwork. Uploads to spu and ospu should be coordinated. (roberto)
---
zookeeper
NOTE: 20240324: Added by Front-Desk (ta)
NOTE: 20240502: Persistent (and p-recursive) watches were introduced by ZOOKEEPER-1416, which only exists in 3.6+.
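Review bot: The commit message for this removal ("Remove wordpress from dla-needed.txt") gives no reason, while the deleted NOTE lines asked for uploads to spu and ospu to be coordinated. A short reason in the message, for example that the outstanding bullseye and bookworm issues are now covered by DSA-5685-1, would make the history self-explanatory for the coordinator who added the entry.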
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c236e40b86d7c13b941c0eeebae7eb76503f3f72...d2c09af46ddeeff6a30f27ac2519881183e4b847