Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
On Tue, 26 Sep. 2017, 11:03 Ángel wrote:

> What about the versions on wheezy/jessie/stretch? Should they be handled
> on this bug, get a new one for each, or will they simply be handled
> without one by the security team, now they have CVEs¹?
>

Stretch security release I am waiting for security team to approve the upload.
Rodrigo has made a backport for Jessie. I'll try to upload it in the next 24 hours.
That's all the other versions I know of.

 - Craig
--
Craig Small        https://dropbear.xyz/     csmall at : enc.com.au
Debian GNU/Linux   https://www.debian.org/   csmall at : debian.org
Mastodon: @smalls...@social.dropbear.xyz     Twitter: @smallsees
GPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5
Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
Rodrigo Campos wrote:
> It's already on sid and a backport is ready, will ask for BSA and craig will
> upload when the BSA is assigned.

What about the versions on wheezy/jessie/stretch? Should they be handled
on this bug, get a new one for each, or will they simply be handled
without one by the security team, now they have CVEs¹?

¹ These issues got assigned CVE-2017-14718 to CVE-2017-14726

Thanks!
Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
On Thu, Sep 21, 2017 at 04:26:53PM +0100, Rodrigo Campos wrote:
> On Thu, Sep 21, 2017 at 09:54:49AM +0200, Ángel wrote:
> > Salvatore wrote:
> > > have you identified already the issue -> fixing commit mappings?
> >
> > For version 4.8.1 [buster, sid], upstream fixed them on 4.8.2
> > https://codex.wordpress.org/Version_4.8.2
>
> And for jessie backports I'll update as soon as it is on sid :-)

It's already on sid and a backport is ready, will ask for BSA and craig will
upload when the BSA is assigned.

Thanks!

Rodrigo
Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
On Thu, Sep 21, 2017 at 09:54:49AM +0200, Ángel wrote:
> Salvatore wrote:
> > have you identified already the issue -> fixing commit mappings?
>
> For version 4.8.1 [buster, sid], upstream fixed them on 4.8.2
> https://codex.wordpress.org/Version_4.8.2

And for jessie backports I'll update as soon as it is on sid :-)
Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
Salvatore wrote:
> have you identified already the issue -> fixing commit mappings?

For version 4.8.1 [buster, sid], upstream fixed them on 4.8.2
https://codex.wordpress.org/Version_4.8.2

For version 4.7.5 [stretch], upstream fixed them on 4.7.6
https://codex.wordpress.org/Version_4.7.6

For version 4.1 [jessie], upstream fixed them on 4.1.19
https://codex.wordpress.org/Version_4.1.19

For version 3.6.1 [wheezy], upstream didn't release a fix.

4.7.6 and 4.1.19 seem to be security fixes only. WordPress 4.8.2 also
contains six maintenance fixes to the 4.8 release series (but that would
go to sid, so it's ok).

There is a slightly misleading commit message on one of them whose
description says it's bumping to the wrong version, but other than that
-thankfully- it looks quite clear which issue is fixing each of the
backported commits
Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
On Thu, 21 Sep. 2017, 07:15 Salvatore Bonaccorso wrote:

> Are you going to request CVEs for those?
>
> have you identified already the issue -> fixing commit mappings?
>

Hi Salvatore,
Already started talking with Kurt from DWF about the CVE. I am hoping there
will be a new improved setup for the next round of bugs.

Not started the mappings yet but it's on my list. The WPvuln guy has mapped
only the first SQLi.

 - Craig
--
Craig Small        https://dropbear.xyz/     csmall at : enc.com.au
Debian GNU/Linux   https://www.debian.org/   csmall at : debian.org
Mastodon: @smalls...@social.dropbear.xyz     Twitter: @smallsees
GPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5
Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
Hi Craig,

On Wed, Sep 20, 2017 at 10:20:16PM +1000, Craig Small wrote:
> Source: wordpress
> Version: 4.8.1+dfsg-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Wordpress 4.8.2 is out which fixes 9 security issues[1]

Are you going to request CVEs for those?

have you identified already the issue -> fixing commit mappings?

Regards,
Salvatore
Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
Source: wordpress
Version: 4.8.1+dfsg-1
Severity: grave
Tags: security
Justification: user security hole

Wordpress 4.8.2 is out which fixes 9 security issues[1]

- $wpdb->prepare() can create unexpected and unsafe queries leading to
  potential SQL injection (SQLi). WordPress core is not directly
  vulnerable to this issue, but we’ve added hardening to prevent plugins
  and themes from accidentally causing a vulnerability. Reported by Slavco
- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed
  discovery. Reported by xknown of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in the visual
  editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
- A path traversal vulnerability was discovered in the file unzipping
  code. Reported by Alex Chapman (noxrnet).
- A cross-site scripting (XSS) vulnerability was discovered in the plugin
  editor. Reported by 陈瑞琦 (Chen Ruiqi).
- An open redirect was discovered on the user and term edit screens.
  Reported by Yasin Soliman (ysx).
- A path traversal vulnerability was discovered in the customizer.
  Reported by Weston Ruter of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in template
  names. Reported by Luka (sikic).
- A cross-site scripting (XSS) vulnerability was discovered in the link
  modal. Reported by Anas Roubi (qasuar).

1: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)