Bug 679484 - www-apps/wordpress: multiple vulnerabilities (CVE-2019-{8942,8943})
Summary: www-apps/wordpress: multiple vulnerabilities (CVE-2019-{8942,8943})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~2 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-03-05 01:14 UTC by GLSAMaker/CVETool Bot
Modified: 2019-03-27 03:59 UTC
CC List: 1 user

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2019-03-05 01:14:32 UTC
CVE-2019-8943 (https://nvd.nist.gov/vuln/detail/CVE-2019-8943):
  WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An
  attacker (who has privileges to crop an image) can write the output image to
  an arbitrary directory via a filename containing two image extensions and
  ../ sequences, such as a filename ending with the .jpg?/../../file.jpg
  substring.

CVE-2019-8942 (https://nvd.nist.gov/vuln/detail/CVE-2019-8942):
  WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution
  because an _wp_attached_file Post Meta entry can be changed to an arbitrary
  string, such as one ending with a .jpg?file.php substring. An attacker with
  author privileges can execute arbitrary code by uploading a crafted image
  containing PHP code in the Exif metadata. Exploitation can leverage
  CVE-2019-8943.
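Both CVE texts above turn on a stored attachment path that carries a second "extension" after a `?` and, for CVE-2019-8943, `../` segments that walk out of the uploads directory. As an added example that is not part of this bug or of WordPress itself, the following check shows how a defender-side validator for an `_wp_attached_file`-style value can reject exactly those shapes before the value is ever joined onto a filesystem path; `UPLOADS_DIR`, the `YYYY/MM/name.ext` layout and the strict basename pattern are assumptions, not WordPress code.

```python
import posixpath
import re

# Assumed uploads root of a WordPress install (hypothetical path, not taken from the bug).
UPLOADS_DIR = "/var/www/html/wp-content/uploads"

# Exactly one basename with exactly one allowed image extension. Deliberately stricter than
# WordPress: no '?', '/', NUL or extra dots, so '.jpg?/../../file.jpg' and '.jpg?file.php'
# (the substrings quoted in the CVE descriptions) cannot match.
_SAFE_BASENAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]*\.(?:jpe?g|png|gif)$", re.IGNORECASE)


def resolve_attached_file(meta_value: str, uploads_dir: str = UPLOADS_DIR):
    """Validate a relative attachment path and return its absolute on-disk location,
    or None when the value must be rejected."""
    # Characters that have no business in a stored file path: query, fragment, NUL, backslash.
    if not meta_value or any(ch in meta_value for ch in "?#\x00\\"):
        return None
    segments = meta_value.split("/")
    # Directory components (e.g. '2019', '03'): plain tokens only. This rejects '..', and an
    # empty component catches a leading '/', a '//' run or a trailing '/'.
    for seg in segments[:-1]:
        if not re.fullmatch(r"[A-Za-z0-9_-]+", seg):
            return None
    if not _SAFE_BASENAME.match(segments[-1]):
        return None
    # Belt and braces: after normalisation the target must still sit below uploads_dir.
    root = posixpath.normpath(uploads_dir)
    target = posixpath.normpath(posixpath.join(root, meta_value))
    if not target.startswith(root + "/"):
        return None
    return target


def classify(values):
    """Map each candidate meta value to 'ok' or 'rejected'."""
    return {v: ("ok" if resolve_attached_file(v) else "rejected") for v in values}


if __name__ == "__main__":
    # Constructed samples: one normal upload plus the shapes quoted in the CVE descriptions.
    samples = [
        "2019/03/photo.jpg",
        "2019/03/photo.jpg?/../../file.jpg",
        "2019/03/shell.jpg?file.php",
        "../../wp-config.php",
    ]
    for value, verdict in classify(samples).items():
        print(f"{verdict:8s} {value}")
```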
Comment 1 Larry the Git Cow gentoo-dev 2019-03-16 06:50:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f49be7ae6f60ec0b4cb8730bdfc66126cc6d67d

commit 4f49be7ae6f60ec0b4cb8730bdfc66126cc6d67d
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2019-03-16 06:50:17 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2019-03-16 06:50:17 +0000

    www-apps/wordpress-{4.9.*,5.0.2}: removed cve affected (bug #679484)
    
    Bug: https://bugs.gentoo.org/679484
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 www-apps/wordpress/Manifest               |  4 ---
 www-apps/wordpress/wordpress-4.9.6.ebuild | 55 -------------------------------
 www-apps/wordpress/wordpress-4.9.7.ebuild | 55 -------------------------------
 www-apps/wordpress/wordpress-4.9.8.ebuild | 55 -------------------------------
 www-apps/wordpress/wordpress-5.0.2.ebuild | 55 -------------------------------
 5 files changed, 224 deletions(-)
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2019-03-27 03:59:52 UTC
Arches and Maintainer(s), Thank you for your work.