author | Salvatore Bonaccorso <carnil@debian.org> | 2019-06-10 08:32:53 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2019-06-10 08:32:53 +0200 |
commit | 53815e78266f831fbd98d99a05f9013561d3e2d6 | |
tree | ab1e6f3ad6c108ace9a2c64e77a8a9153eab044c | |
parent | 15ad377551d2aab762d9e7282d46559f2d39bf40 | |
Update information on CVE-2018-1000773 and CVE-2017-1000600
According to the available information CVE-2017-1000600 has been fixed
(but without upstream details) in 4.9. As such we mark the first version
in unstable in the 4.9 series as fixed.
-rw-r--r-- | data/CVE/list | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index 5caa375db2..ccbf7b3613 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -41727,7 +41727,8 @@ CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversa CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference vuln ...) NOT-FOR-US: zephyr-rtos CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...) - - wordpress <undetermined> + - wordpress <unfixed> + NOTE: This CVE exists due to an incomplete fix in 4.9 for CVE-2017-1000600. CVE-2018-1000673 REJECTED CVE-2018-1000671 (sympa version 6.2.16 and later contains a CWE-601: URL Redirection to ...) @@ -41763,11 +41764,14 @@ CVE-2018-1000659 (LimeSurvey version 3.14.4 and earlier contains a directory tra CVE-2018-1000658 (LimeSurvey version prior to 3.14.4 contains a file upload vulnerabilit ...) - limesurvey <itp> (bug #472802) CVE-2017-1000600 (WordPress version <4.9 contains a CWE-20 Input Validation vulnerabi ...) - - wordpress <undetermined> + - wordpress 4.9.1+dfsg-1 NOTE: https://www.securityfocus.com/bid/105305/references NOTE: https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/ NOTE: https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf NOTE: https://twitter.com/_s_n_t/status/1030573635617124353 + NOTE: Wordpress before 4.9 is vulnerable on its own. After 4.9 you need to have + NOTE: vulnerable module installed on the site as well. Due to an incomplete fix + NOTE: in 4.9 there exists CVE-2018-1000773. CVE-2018-16553 RESERVED CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/ ...) |
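Review bot: In the first hunk (CVE-2018-1000773), the entry moves from `<undetermined>` to `<unfixed>` but the only supporting line is the new "NOTE: This CVE exists due to an incomplete fix in 4.9 for CVE-2017-1000600.", which cites no source. The CVE-2017-1000600 entry further down carries four reference NOTE lines; consider repeating the relevant one here, or adding a NOTE that points readers to the references under CVE-2017-1000600, so that whoever later triages this entry can check when upstream completes the fix without having to find the sibling entry first.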
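Review bot: In the second hunk (CVE-2017-1000600), the fixed version `4.9.1+dfsg-1` is recorded without any NOTE saying how it was chosen; the reasoning (fixed in 4.9 without upstream details, so the first 4.9-series upload to unstable is marked) lives only in the commit message. Consider adding a NOTE line to the entry stating that the version is inferred rather than tied to an upstream commit, since the same hunk also says the 4.9 fix is incomplete. The wording of the new note could be tightened as well: "After 4.9 you need to have" leaves it unclear whether 4.9 itself is included, while the CVE description on the line above says "<4.9", so "From 4.9 on" would match; "have vulnerable module" is missing an article, and "Wordpress" is spelled "WordPress" in the description line.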