Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
607bff05 by Salvatore Bonaccorso at 2019-09-11T20:20:46Z
wordpress issues got CVEified

Upstream is very intransparent here on the fixes, so Craig did request
CVEs based on descriptions. Only for three of those there was possibility
to relate to correct commits/changesets. The others are quite unclear at
this point.

Cf. https://bugs.debian.org/939543

- - - - -

1 changed file:

- data/CVE/list

Changes:

===================================== data/CVE/list =====================================
@@ -35,19 +35,24 @@ CVE-2019-16225 (An issue was discovered in py-lmdb 0.97. For certain values of m CVE-2019-16224 (An issue was discovered in py-lmdb 0.97. For certain values of md_flag ...) TODO: check CVE-2019-16223 (WordPress before 5.2.3 allows XSS in post previews by authenticated us ...) - TODO: check + - wordpress 5.2.3+dfsg1-1 (bug #939543) CVE-2019-16222 (WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_b ...) - TODO: check + - wordpress 5.2.3+dfsg1-1 (bug #939543) + NOTE: https://core.trac.wordpress.org/changeset/45997 + NOTE: https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68 CVE-2019-16221 (WordPress before 5.2.3 allows reflected XSS in the dashboard. ...) - TODO: check + - wordpress 5.2.3+dfsg1-1 (bug #939543) CVE-2019-16220 (In WordPress before 5.2.3, validation and sanitization of a URL in wp_ ...) - TODO: check + - wordpress 5.2.3+dfsg1-1 (bug #939543) + NOTE: https://core.trac.wordpress.org/changeset/45971 + NOTE: https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28 CVE-2019-16219 (WordPress before 5.2.3 allows XSS in shortcode previews. ...) - TODO: check + - wordpress 5.2.3+dfsg1-1 (bug #939543) CVE-2019-16218 (WordPress before 5.2.3 allows XSS in stored comments. ...) - TODO: check + - wordpress 5.2.3+dfsg1-1 (bug #939543) CVE-2019-16217 (WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upl ...) - TODO: check + - wordpress 5.2.3+dfsg1-1 (bug #939543) + NOTE: https://core.trac.wordpress.org/changeset/45936 CVE-2019-16216 RESERVED CVE-2019-16215 
@@ -652,9 +657,6 @@ CVE-2019-15957 RESERVED CVE-2019-15956 RESERVED -CVE-2019-XXXX [5.2.3 fixes several XSS and other security bugs] - - wordpress 5.2.3+dfsg1-1 (bug #939543) - TODO: needs proper split up after CVE assignment in individual entries CVE-2019-15955 (An issue was discovered in Total.js CMS 12.0.0. A low privilege user c ...) NOT-FOR-US: Total.js CMS CVE-2019-15954 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/607bff057b0cc8afaff2a488f182fe1b6dc4aa69
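Review bot: the entries for CVE-2019-16223, CVE-2019-16221, CVE-2019-16219 and CVE-2019-16218 in the first hunk get only the "- wordpress 5.2.3+dfsg1-1 (bug #939543)" line, so the fact that their fixing changesets are still unidentified is recorded only in the commit message, and the second hunk removes the last TODO for this update. Consider a NOTE on each of those four entries saying the upstream fix commit is not yet identified, so the open question stays visible in data/CVE/list. CVE-2019-16217 also carries only the trac changeset NOTE, while CVE-2019-16222 and CVE-2019-16220 list both the trac changeset and the GitHub commit; adding the matching GitHub commit NOTE there would keep the three consistent.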
