Hi Seb,

Sure are planning on doing that. I'll be tracking the 5.0.x branch from upstream, as discussed last time. Thanks to Utkarsh I've got all the CVEs and descriptions right in front of me!

Hi Utkarsh,

I've got Sid uploading now and will start on Buster in a moment.

 - Craig

On Mon, 2 Nov 2020 at 22:52, Sébastien Delafond <s...@debian.org> wrote:

> On 02/11 08:01, Craig Small wrote:
> > Wordpress versions less than 5.5.2 have the following security
> > vulnerabilities:
> >
> > CVE-2020-28039: Protected meta that could lead to arbitrary file deletion.
> > CVE-2020-28035: XML-RPC privilege escalation.
> > CVE-2020-28036: XML-RPC privilege escalation.
> > CVE-2020-28032: Hardening deserialization requests.
> > CVE-2020-28037: DoS attack could lead to RCE.
> > CVE-2020-28038: Stored XSS in post slugs.
> > CVE-2020-28033: Disable spam embeds from disabled sites on a multisite network.
> > CVE-2020-28034: Cross-Site Scripting (XSS) via global variables.
> > CVE-2020-28040: CSRF attacks that change a theme's background image.
>
> Hi Craig,
>
> are you planning on backporting the fixes for those on top of buster's
> 5.0.10+dfsg1-0+deb10u1?
>
> Cheers,
>
> --
> Seb