Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7827bf74 by Salvatore Bonaccorso at 2026-07-03T04:46:17+02:00
Order suites top-down in CVE-2019-8943
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -660912,10 +660912,10 @@ CVE-2019-8945 (Zimbra Collaboration 8.7.x -
8.8.11P2 contains persistent XSS.)
CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step
in Octo ...)
NOT-FOR-US: Terraform
CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in
wp_crop_image(). An a ...)
+ [bookworm] - wordpress <postponed> (requires privileged account, not
directly exploitable as CVE-2019-8942 is fixed, no official patch)
- wordpress <undetermined> (bug #923583)
- [jessie] - wordpress <postponed> (requires privileged account, not
directly exploitable as CVE-2019-8942 is fixed, no official patch)
[bullseye] - wordpress <postponed> (requires privileged account, not
directly exploitable as CVE-2019-8942 is fixed, no official patch)
- [bookworm] - wordpress <postponed> (requires privileged account, not
directly exploitable as CVE-2019-8942 is fixed, no official patch)
+ [jessie] - wordpress <postponed> (requires privileged account, not
directly exploitable as CVE-2019-8942 is fixed, no official patch)
NOTE:
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
NOTE: This CVE is explicitly for the mentioned Path Traversal in
wp_crop_image().
NOTE: Patching CVE-2019-8942 makes CVE-2019-8943 (RCE) not directly
exploitable
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7827bf746202d267f618e1fd7c2a5afb50bb4351
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7827bf746202d267f618e1fd7c2a5afb50bb4351
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits