[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-14028/wordpress: no-dsa->postponed

Wed, 26 Aug 2020 04:08:25 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c17a120 by Sylvain Beucler at 2020-08-26T13:02:39+02:00
CVE-2018-14028/wordpress: no-dsa->postponed

- - - - -
bab22dcd by Sylvain Beucler at 2020-08-26T13:02:40+02:00
CVE-2020-4050/wordpress: reference regression

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22606,6 +22606,7 @@ CVE-2020-4050 (In affected versions of WordPress, 
misuse of the `set-screen-opti
        NOTE: https://core.trac.wordpress.org/changeset/47951
        NOTE: 
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
        NOTE: 
https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
+       NOTE: https://core.trac.wordpress.org/ticket/50392 (regression fix)
 CVE-2020-4049 (In affected versions of WordPress, when uploading themes, the 
name of  ...)
        {DSA-4709-1 DLA-2269-1}
        - wordpress 5.4.2+dfsg1-1 (bug #962685)
@@ -131300,8 +131301,8 @@ CVE-2018-14029 (CSRF vulnerability in admin/user/edit 
in Creatiwity wityCMS 0.6.
 CVE-2018-14028 (In WordPress 4.9.7, plugins uploaded via the admin area are 
not verifi ...)
        - wordpress <unfixed> (bug #906565)
        [buster] - wordpress <postponed> (Minor issue, revisit when fixed 
upstream)
-       [stretch] - wordpress <no-dsa> (Minor issue)
-       [jessie] - wordpress <postponed> (no sanctioned patch)
+       [stretch] - wordpress <postponed> (Minor issue, no sanctioned patch)
+       [jessie] - wordpress <postponed> (Minor issue, no sanctioned patch)
        NOTE: https://core.trac.wordpress.org/ticket/44710
        NOTE: 
https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/
 CVE-2018-14027 (Digisol Wireless Wifi Home Router HR-3300 allows XSS via the 
userid or ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/61a356a950c9ed600bfdb9b2e40327b5b35d2ba8...bab22dcde588363322615d9be07371a1a4fdfbc4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/61a356a950c9ed600bfdb9b2e40327b5b35d2ba8...bab22dcde588363322615d9be07371a1a4fdfbc4
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to