Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b3a810f1 by Salvatore Bonaccorso at 2019-06-10T06:24:28Z
Revert "CVE-2017-1000600 and CVE-2018-1000773 are for the same underlying
problem in wordpress."
This reverts commit 94190ded68b383d8244977a1a6e2b2314e21c119.
The used version is not a valid unstable version.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41729,8 +41729,7 @@ CVE-2018-1000801 (okular version 18.08 and earlier
contains a Directory Traversa
CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer
reference vuln ...)
NOT-FOR-US: zephyr-rtos
CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input
Validation ...)
- - wordpress 4.1+dfsg-1+deb8u17
- NOTE: See CVE-2017-1000600. That CVE is not completely fixed in
wordpress 4.9.
+ - wordpress <undetermined>
CVE-2018-1000673
REJECTED
CVE-2018-1000671 (sympa version 6.2.16 and later contains a CWE-601: URL
Redirection to ...)
@@ -41766,16 +41765,11 @@ CVE-2018-1000659 (LimeSurvey version 3.14.4 and
earlier contains a directory tra
CVE-2018-1000658 (LimeSurvey version prior to 3.14.4 contains a file upload
vulnerabilit ...)
- limesurvey <itp> (bug #472802)
CVE-2017-1000600 (WordPress version <4.9 contains a CWE-20 Input Validation
vulnerabi ...)
- - wordpress 4.1+dfsg-1+deb8u17
+ - wordpress <undetermined>
NOTE: https://www.securityfocus.com/bid/105305/references
NOTE:
https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/
NOTE:
https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf
- NOTE:
https://www.youtube.com/watch?v=GePBmsNJw6Y&feature=youtu.be&t=1763
NOTE: https://twitter.com/_s_n_t/status/1030573635617124353
- NOTE: Wordpress before 4.9 is vulnerable on its own. After 4.9 you need
to have
- NOTE: vulnerable module installed on the site as well. This may affect
the severity
- NOTE: and importance of fixing but it should not be considered as
undetermined.
- NOTE: For wordpress 4.9 and later CVE-2018-1000773 has been issued.
CVE-2018-16553
RESERVED
CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/,
/users/##/ ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3a810f10bc409aa1cb6b5dd2876b152c8a384f0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b3a810f10bc409aa1cb6b5dd2876b152c8a384f0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
