Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7cc72079 by Markus Koschany at 2024-10-02T21:03:09+02:00
wordpress: Triage 2024 CVE for bullseye
WordPress in bullseye is not affected. The vulnerable code was introduced in
later versions.
- - - - -
8ea67110 by Markus Koschany at 2024-10-02T21:03:11+02:00
CVE-2023-5692,wordpress: bullseye is ignored
Minor issue. Bullseye is affected but the worst case is the exposing of a
custom slug.
- - - - -
c8739aa1 by Markus Koschany at 2024-10-02T21:03:11+02:00
Remove wordpress from dla-needed.txt
After a closer inspection, I found that the latest security release for the
5.7.x branch only fixes a security vulnerability when WordPress is hosted on a
Windows server. Apparently no CVE has been assigned so far. In Debian terms
this would be an "unimportant" issue anyway.
All other open CVEs have been triaged individually.
There is nothing to do at the moment.
- - - - -
b484203b by Markus Koschany at 2024-10-02T21:04:09+02:00
Reclaim ffmpeg in dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -22092,6 +22092,7 @@ CVE-2024-6308 (A vulnerability was found in
itsourcecode Simple Online Hotel Res
NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
CVE-2024-6307 (WordPress Core is vulnerable to Stored Cross-Site Scripting via
the HT ...)
- wordpress 6.5.5+dfsg1-1 (bug #1074486)
+ [bullseye] - wordpress <not-affected> (The vulnerable code was
introduced later)
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
NOTE: https://core.trac.wordpress.org/changeset/58473
NOTE: https://core.trac.wordpress.org/changeset/58472
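Review bot: The `<not-affected>` reason on the `+ [bullseye]` line for CVE-2024-6307 says the code was introduced later but not in which upstream release, so the triage cannot be re-checked from the file alone; the usual tracker practice is to name the introducing version or changeset in the parenthetical, e.g. `<not-affected> (Vulnerable code introduced in <version>)` (placeholder, the actual version is not stated in the commit).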
@@ -22200,6 +22201,7 @@ CVE-2024-32111 (Improper Limitation of a Pathname to a
Restricted Directory ('Pa
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
CVE-2024-31111 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- wordpress 6.5.5+dfsg1-1 (bug #1074486)
+ [bullseye] - wordpress <not-affected> (The vulnerable code was
introduced later)
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
CVE-2024-28832 (Stored XSS in the Crash Report page in Checkmk before versions
2.3.0p7 ...)
- check-mk <removed>
@@ -47063,6 +47065,7 @@ CVE-2024-3832 (Object corruption in V8 in Google Chrome
prior to 124.0.6367.60 a
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2024-4439 (WordPress Core is vulnerable to Stored Cross-Site Scripting via
user d ...)
- wordpress 6.5.2+dfsg1-1 (bug #1069091)
+ [bullseye] - wordpress <not-affected> (The vulnerable code was
introduced later)
NOTE:
https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
NOTE:
https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
NOTE:
https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=57950%40%2F&new=57950%40%2F&sfp_email=&sfph_mail=#file3
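Review bot: The same generic reason text "The vulnerable code was introduced later" is reused verbatim for CVE-2024-4439 as for the two 6.5.5 issues above, although this one was fixed in 6.5.2 (`wordpress 6.5.2+dfsg1-1`, bug #1069091); if the introducing release differs per CVE, recording it per entry would make the bullseye not-affected claim verifiable against the linked changeset 57950.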
@@ -50482,6 +50485,7 @@ CVE-2023-6522 (Incorrect Use of Privileged APIs
vulnerability in ExtremePacs Ext
NOT-FOR-US: ExtremePacs Extreme XDS
CVE-2023-5692 (WordPress Core is vulnerable to Sensitive Information Exposure
in vers ...)
- wordpress 6.5+dfsg1-1
+ [bullseye] - wordpress <ignored> (Minor issue)
NOTE: https://core.trac.wordpress.org/changeset/57645
CVE-2023-49965 (SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS
via the ...)
NOT-FOR-US: SpaceX Starlink Wi-Fi router
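Review bot: The `<ignored> (Minor issue)` annotation for CVE-2023-5692 drops the rationale given in the commit message (worst case is exposure of a custom slug); since the reason in data/CVE/list is what readers of the tracker see, consider carrying it into the entry, e.g. `<ignored> (Minor issue; worst case exposes a custom slug)`.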
=====================================
data/dla-needed.txt
=====================================
@@ -82,7 +82,7 @@ exim4 (Markus Koschany)
NOTE: 20240815: Consider fixing older postponed CVEs as well
(Beuc/front-desk)
NOTE: 20240923: Currently testing the update. (apo)
--
-ffmpeg
+ffmpeg (Markus Koschany)
NOTE: 20240815: Added by Front-Desk (Beuc)
NOTE: 20240815: Upgrade to 4.3.8 (same approach as DSA-5748-1)
(Beuc/front-desk)
NOTE: 20240911: Update prepared in git and tested, waiting for CI pipeline
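Review bot: The `+ffmpeg (Markus Koschany)` line reclaims the entry without a dated `NOTE:` recording the reclaim or the current state of the update that was "prepared in git and tested, waiting for CI pipeline" on 20240911; the surrounding entries in dla-needed.txt carry a dated note for each status change, so one like `NOTE: 20241002: Reclaimed, <status>` (status placeholder) would keep the history consistent.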
@@ -250,9 +250,6 @@ upx-ucl
webkit2gtk
NOTE: 20240926: Added by Front-Desk (lamby)
--
-wordpress (apo)
- NOTE: 20240922: Added by Front-Desk (apo)
---
zabbix (tobi)
NOTE: 20240126: Added by oldstable Security Team (jmm)
NOTE: 20240815: sync fixes from bookworm and buster
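Review bot: Removing the `wordpress (apo)` entry also removes the only record that the 5.7.x Windows-only issue (no CVE assigned, considered unimportant) was evaluated; since front-desk added the entry on 20240922 presumably because of that release, consider leaving a short note elsewhere (for example on the package's entries in data/CVE/list) so the same upstream release is not re-added to dla-needed.txt on the next sweep.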
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9e5bca2c14e9b0dd85c6394f89cc905c18af083a...b484203b63cf8b2abc3d3e7504b81cc83868d94a
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits