Bug 1022445 - (CVE-2017-5611) VUL-1: CVE-2017-5611: wordpress: SQLi when passing unsafe data
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE.org
Component: 3rd party software
Priority: P4 - Low
Severity: Normal
Assigned To: Eric Schirra
Reported: 2017-01-28 21:23 UTC by Mikhail Kasimov
Modified: 2017-02-04 09:35 UTC

Description Mikhail Kasimov 2017-01-28 21:23:48 UTC
Ref: http://seclists.org/oss-sec/2017/q1/217
============================================
WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.
WordPress core is not directly vulnerable to this issue, but we've added
hardening to prevent plugins and themes from accidentally causing a
vulnerability. Reported by Mo Jangda (batmoo).

https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
============================================

Assigned: CVE-2017-5611

https://software.opensuse.org/package/wordpress

4.6.1 version for TW|42.(1|2) in server:php:applications repo.
Comment 1 Swamp Workflow Management 2017-01-28 23:00:40 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2017-01-29 08:12:42 UTC
The SUSE security team does not cover packages not currently in the distribution. Not treating as an incident, assign/cc community maintainers.
Comment 3 Eric Schirra 2017-02-04 09:35:26 UTC
Update packages in server:php:applications to version 7.7.2