Inguza Technology AB

technology, analysis and solutions

Debian Long Term Support work 2019 June

The following contributions were made:

  • Looked through two undetermined issues for wordpress. It turned out that they were essentially duplicates. After quite some investigation it was clear that they are not undetermined.
    • CVE-2017-1000600 - marked as not undetermined. Added a youtube video.
    • CVE-2018-1000773 - marked as not undetermined.
  • Looked through an undetermined issue for php-horde-form.
    • CVE-2019-9858 - The mentioned directory does not even exist on a Debian installed wordpress. But it would be possible to write to other locations. The severity is much less however. But not undetermined.
  • Looked like the thunderbird package was not accepted by the FTP archive. Checked with the uploader of this package.
  • Looked into CVE-2019-8457 (sqlite3) since Jonas asked for advice on it. Spent some time analyzing the source code.