From 4da1b2a558121f92e0dc7aa69e05a7a121bb9e43 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 25 Nov 2021 21:19:13 +0100 Subject: Add tracking for CVE-2021-44223/wordpress --- data/CVE/2021.list | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 90e6cc03c4..537f79c08b 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,7 +1,13 @@ CVE-2021-44224 RESERVED CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin header. T ...) - TODO: check + - wordpress 5.8.1+dfsg1-1 + [bullseye] - wordpress (Minor issue; workarounds/mitigation for older versions can be implemented) + [buster] - wordpress (Minor issue; workarounds/mitigation for older versions can be implemented) + NOTE: WordPress 5.8 introduces a new "Update URI" plugin header. Further mitigation + NOTE: options documented in: + NOTE: https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/ + NOTE: https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/ CVE-2021-44222 RESERVED CVE-2021-44221 -- cgit v1.2.3
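Review bot: The [bullseye] and [buster] entries, as shown, go straight from the package name to the parenthesised reason ("[bullseye] - wordpress (Minor issue; ...)") with no state in between. Each suite line should carry either a fixed version or an explicit triage tag (for a minor issue, no-dsa), so the status is recorded in the entry itself and not only implied by the comment. The first NOTE also breaks mid-sentence ("Further mitigation" / "options documented in:"); keeping that sentence on one NOTE line with the two URLs on their own lines would read better. Since both suite entries rest on "workarounds/mitigation for older versions", a NOTE saying which of the two linked pages describes those workarounds would save the next reader a lookup.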