Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5f166b41 by Utkarsh Gupta at 2025-11-02T22:50:16+01:00
Reserve DLA-4358-1 for wordpress
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -150348,7 +150348,6 @@ CVE-2024-6308 (A vulnerability was found in
itsourcecode Simple Online Hotel Res
NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
CVE-2024-6307 (WordPress Core is vulnerable to Stored Cross-Site Scripting via
the HT ...)
- wordpress 6.5.5+dfsg1-1 (bug #1074486)
- [bullseye] - wordpress <not-affected> (The vulnerable code was
introduced later)
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
NOTE: https://core.trac.wordpress.org/changeset/58473
NOTE: https://core.trac.wordpress.org/changeset/58472
@@ -150457,7 +150456,6 @@ CVE-2024-32111 (Improper Limitation of a Pathname to
a Restricted Directory ('Pa
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
CVE-2024-31111 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- wordpress 6.5.5+dfsg1-1 (bug #1074486)
- [bullseye] - wordpress <not-affected> (The vulnerable code was
introduced later)
NOTE: https://wordpress.org/news/2024/06/wordpress-6-5-5/
CVE-2024-28832 (Stored XSS in the Crash Report page in Checkmk before versions
2.3.0p7 ...)
- check-mk <removed>
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[02 Nov 2025] DLA-4358-1 wordpress - security update
+ {CVE-2024-6307 CVE-2024-31111 CVE-2025-58246 CVE-2025-58674}
+ [bullseye] - wordpress 5.7.14+dfsg1-0+deb11u1
[01 Nov 2025] DLA-4357-1 ruby-rack - security update
{CVE-2025-32441 CVE-2025-46727 CVE-2025-59830 CVE-2025-61770
CVE-2025-61771 CVE-2025-61772 CVE-2025-61780 CVE-2025-61919}
[bullseye] - ruby-rack 2.1.4-3+deb11u4
=====================================
data/dla-needed.txt
=====================================
@@ -337,17 +337,6 @@ wolfssl
NOTE: 20250825: I attempted backporting the fixes, but the code diverged
significantly.
NOTE: 20250825: Backporting is difficult withing prior knowledge of the
codebase. (paride)
--
-wordpress (Utkarsh)
- NOTE: 20250804: Added by Front-Desk (rouca)
- NOTE: 20250804: Sync with DSA (rouca)
- NOTE: 20250902: prepped DSA update, will sync w/ Security and then release
DLA. (utkarsh)
- NOTE: 20250922: csmall replied, will follow up. but will release DLA w/o
waiting on stable*. (utkarsh)
- NOTE: 20250922: update: carnil advised to wait for a bit... (utkarsh)
- NOTE: 20251006: we've waitied so much that there are new CVEs now. d'oh.
(utkarsh)
- NOTE: 20251006: will re-propose the diff to security team again. (utkarsh)
- NOTE: 20251026: untested update prepared - will test this week & coordinate
with the sec team. (utkarsh)
- NOTE: 20251028: pinged Craig and security team with the update on Mon 27th
Oct. (utkarsh)
---
xmlrpc-c
NOTE: 20250411: Added by Front-Desk (Beuc)
NOTE: 20250411: See issues with old embedded expat library:
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f166b41ed76d509efc4dad771897b36baff01bd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f166b41ed76d509efc4dad771897b36baff01bd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
