Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e49e5e69 by Ola Lundqvist at 2019-06-09T22:40:29Z
Investigated CVE-2019-9858 and determined that Debian is vulnerable but
not in the mentioned way. The path does not exist so a backdoor is not possible
to place but it is possible to manipulate the path but the severity is much
less.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7824,8 +7824,10 @@ CVE-2019-9860 (Due to unencrypted signal communication
and predictability of rol
CVE-2019-9859
RESERVED
CVE-2019-9858 (Remote code execution was discovered in Horde Groupware Webmail
5.2.22 ...)
- - php-horde-form <undetermined>
- TODO: check
+ - php-horde-form 2.0.8-2
+ NOTE: It is not possible install a backdoor on a Debian installed
wordpress since
+ NOTE: the mentioned path do not exist and is not writeable. It is still
possible
+ NOTE: to overwrite files, but the severity is much less.
CVE-2019-9856
RESERVED
CVE-2019-9855
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e49e5e6921de566bd7a295b34e5b9af6d615f0bb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e49e5e6921de566bd7a295b34e5b9af6d615f0bb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
