diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-25 21:19:13 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-11-25 21:19:13 +0100 |
commit | 4da1b2a558121f92e0dc7aa69e05a7a121bb9e43 (patch) | |
tree | c7674ed00946750fa124b4bd5ded4680ec8f7558 | |
parent | 3d00f057e8179282542a1dfcdffbd4e02a02a88e (diff) |
Add tracking for CVE-2021-44223/wordpress
-rw-r--r-- | data/CVE/2021.list | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 90e6cc03c4..537f79c08b 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,7 +1,13 @@ CVE-2021-44224 RESERVED CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin header. T ...) - TODO: check + - wordpress 5.8.1+dfsg1-1 + [bullseye] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented) + [buster] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented) + NOTE: WordPress 5.8 introduces a new "Update URI" plugin header. Further mitigation + NOTE: options documented in: + NOTE: https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/ + NOTE: https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/ CVE-2021-44222 RESERVED CVE-2021-44221 |