Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fbf143c2 by Salvatore Bonaccorso at 2019-04-14T19:01:43Z

Mark CVE-2019-8943/wordpress as unfixed

Whilst the RCE part of the Ripstech blog posted issue was fixed, the CVE is specifically for the path traversal issue which is still open. Wordpress maintainer confirmed that the issue persists, but we might weight the CVE differently with lower severity now.

- - - - -

1 changed file:
- data/CVE/list

Changes:
===================================== data/CVE/list ===================================== @@ -6386,7 +6386,7 @@ CVE-2019-8945 CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step in Octo ...) NOT-FOR-US: Terraform CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ...) - - wordpress <undetermined> (bug #923583) + - wordpress <unfixed> (bug #923583) NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ NOTE: The code execution angle is fixed via gd security, details on the rest are murky. NOTE: This CVE is explicitly for the mentioned Path Traversal in wp_crop_image().

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fbf143c27fc0fbfa094ed86db1f67b82ff11ade5
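Review bot: the context NOTE two lines below the changed `- wordpress` line still reads "details on the rest are murky", while the commit message says the maintainer confirmed that the path traversal persists; update that NOTE, or add one, so the entry itself records why the status moved from `<undetermined>` to `<unfixed>`. The message also says the CVE might be weighted with lower severity, but the new `<unfixed>` line carries no severity annotation, so that decision is not visible in the data; a NOTE stating that the severity is still to be decided would keep it from being lost.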