Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
51b3f49f by Chris Lamb at 2019-06-04T09:29:43Z
Triage CVE-2019-8943 in wordpress for jessie LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9988,6 +9988,7 @@ CVE-2019-8944 (An Information Exposure issue in the
Terraform deployment step in
NOT-FOR-US: Terraform
CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in
wp_crop_image(). An a ...)
- wordpress <unfixed> (bug #923583)
+ [jessie] - wordpress <no-dsa> (Patching CVE-2019-8942 makes
CVE-2019-8943 unexploitable)
NOTE:
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
NOTE: The code execution angle is fixed via gd security, details on the
rest are murky.
NOTE: This CVE is explicitly for the mentioned Path Traversal in
wp_crop_image().
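Review bot: The added [jessie] line justifies <no-dsa> with "Patching CVE-2019-8942 makes CVE-2019-8943 unexploitable", but nothing in this hunk shows that CVE-2019-8942 is actually fixed in jessie, so the triage rests on an entry the reader cannot see here. Consider adding a NOTE under this CVE that names the jessie version (or DLA) carrying the CVE-2019-8942 fix, so the dependency can be checked from this entry alone. The existing NOTE "details on the rest are murky" also sits uneasily next to "unexploitable"; a NOTE citing where the dependency claim comes from (for example the ripstech post already linked) would resolve that. The path traversal in wp_crop_image() itself stays unpatched under <no-dsa>, which is worth stating explicitly in case the CVE-2019-8942 fix is later reverted or bypassed.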
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/51b3f49fef4cc26381c3d6e25ef83c0309263fb5
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits