[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wordpress security update

Am 14.03.2017 um 10:09 schrieb Craig Small:
> Hi Markus,
>   I nearly missed this one. If you go to WPScan[1] which is a great
> resource it says it is versions 4.7.0-4.7.2 only which implies that
> jessie is not impacted.
> However, I also go look at the 4.1 changesets on the upstream[2] as they
> have done all the hard work (mainly) of backporting the patches to
> jessie or at least a generic 4.1 wordpress. Within that you will see
> changeset 40176[3] which is the 4.1 verison of 40169 which is the
> changeset for this patch in the 4.7 branch.
> So my whole rationale for adding this one in and going against what
> WPScan said is purely 40176 is in the 4.1 branch of the upstreams svn.
> Looking at the relevant file it does look like it does things and not
> dead or unreachable code, so I think 4.1 is vulnerable, but PHP code is
> horrible to debug for that sort of thing.

Thanks for the explanation. That makes sense.

By the way I think your patch cs40155_media_metadata, CVE-2017-6814,
requires a backport of two more functions: wp_kses_post_deep and map_deep.


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: