Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fbf143c2 by Salvatore Bonaccorso at 2019-04-14T19:01:43Z
Mark CVE-2019-8943/wordpress as unfixed

Whilst the RCE part of the Ripstech blog posted issue was fixed, the CVE
is specifically for the path traversal issue which is still open.

Wordpress maintainer confirmed that the issue persists, but we might
weight the CVE differently with lower severity now.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6386,7 +6386,7 @@ CVE-2019-8945
 CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step 
in Octo ...)
        NOT-FOR-US: Terraform
 CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in 
wp_crop_image(). An a ...)
-       - wordpress <undetermined> (bug #923583)
+       - wordpress <unfixed> (bug #923583)
        NOTE: 
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
        NOTE: The code execution angle is fixed via gd security, details on the 
rest are murky.
        NOTE: This CVE is explicitly for the mentioned Path Traversal in 
wp_crop_image().
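
Review bot: The NOTE kept as context below the changed package line still reads "details on the rest are murky", which no longer matches an entry marked <unfixed> on the strength of the maintainer's confirmation. Consider replacing it with a NOTE stating that the code execution angle is fixed and that the Path Traversal in wp_crop_image() is confirmed still open (bug #923583), so a reader of data/CVE/list can see why the status moved from <undetermined> without needing the commit message. The commit message also raises a possible lower severity; if that is agreed, record it on the wordpress line in a follow-up rather than leaving it only in the commit log.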



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbf143c27fc0fbfa094ed86db1f67b82ff11ade5
