Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b9965ae0 by Sylvain Beucler at 2020-08-26T13:22:02+02:00
CVE-2017-1000600/wordpress: update stretch status
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -124592,6 +124592,7 @@ CVE-2018-1000658 (LimeSurvey version prior to 3.14.4
contains a file upload vuln
- limesurvey <itp> (bug #472802)
CVE-2017-1000600 (WordPress version <4.9 contains a CWE-20 Input Validation
vulnerabi ...)
- wordpress 4.9.1+dfsg-1
+ [stretch] - wordpress <postponed> (requires authenticated user, root
cause in PHP phar:// unserialization and requires thorough application-level
checks, no upstream patch)
[jessie] - wordpress <postponed> (requires authenticated user, root
cause in PHP phar:// unserialization and requires thorough application-level
checks, no upstream patch)
NOTE:
https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/
NOTE:
https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9965ae00f1823e18c584873bd67812049e5c335
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9965ae00f1823e18c584873bd67812049e5c335
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
