Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1054a9e1 by Markus Koschany at 2023-06-21T00:04:59+02:00 Update wordpress temp CVE. Bullseye and Buster are not affected Block templates were introduced later, apparently in version 5.8. https://github.com/WordPress/WordPress/commit/4ae0e4220f0c01005afa0dcbb74979c0d5cb9abc - - - - - 0c3b15a8 by Markus Koschany at 2023-06-21T00:07:15+02:00 Reserve DLA-3462-1 for wordpress - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -2757,8 +2757,12 @@ CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) conta CVE-2023-XXXX [Block themes parsing shortcodes in user-generated data] - wordpress 6.2.2+dfsg1-1 (bug #1036689) [bookworm] - wordpress <postponed> (Minor issue, fix along in future update) - [bullseye] - wordpress <postponed> (Minor issue, fix along in future update) + [bullseye] - wordpress <not-affected> (Block template support was introduced later) + [buster] - wordpress <not-affected> (Block template support was introduced later) NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/ + NOTE: https://github.com/WordPress/WordPress/commit/6a077b35f15590a843ff8a6c97a135f3a34872dd + NOTE: Upstream reverted the change because it broke countless wordpress installations + NOTE: https://github.com/WordPress/WordPress/commit/2bb3a5169548d16173cf48ca9da1111efc428f86 CVE-2023-33983 (The Introduction Client in Briar through 1.5.3 does not implement out- ...) - briar <itp> (bug #1019932) CVE-2023-33982 (Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward ...) ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[21 Jun 2023] DLA-3462-1 wordpress - security update + {CVE-2023-2745} + [buster] - wordpress 5.0.19+dfsg1-0+deb10u1 [20 Jun 2023] DLA-3461-1 libfastjson - security update {CVE-2020-12762} [buster] - libfastjson 0.99.8-2+deb10u1 ===================================== data/dla-needed.txt ===================================== @@ -278,9 +278,6 @@ webkit2gtk (Emilio) NOTE: 20230606: one issue remaining (cmake), but call for testing sent out already: NOTE: 20230606: https://lists.debian.org/debian-lts/2023/06/msg00005.html (pochu) -- -wordpress (Markus Koschany) - NOTE: 20230614: Added by Front-Desk (opal) --- xmltooling (Santiago) NOTE: 20230613: Added by Santiago NOTE: 20230613: According to dsa-needed, maintainers will prepare updates. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/066c20b60fd2f497e274532eb6ec77c2e9de47e1...0c3b15a855ab5aa17e52474c4df239b81ea82c4b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/066c20b60fd2f497e274532eb6ec77c2e9de47e1...0c3b15a855ab5aa17e52474c4df239b81ea82c4b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
