Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
31e47650 by Salvatore Bonaccorso at 2020-11-02T06:40:34+01:00
Add Debian bug reference for wordpress issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,38 +11,38 @@ CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT
signature verification
CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000
1.0.9.64_10.2.64 ...)
NOT-FOR-US: Netgear
CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a
theme's backg ...)
- - wordpress <unfixed>
+ - wordpress <unfixed> (bug #973562)
NOTE:
https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28039 (is_protected_meta in wp-includes/meta.php in WordPress before
5.5.2 al ...)
- - wordpress <unfixed>
+ - wordpress <unfixed> (bug #973562)
NOTE:
https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10452
CVE-2020-28038 (WordPress before 5.5.2 allows stored XSS via post slugs. ...)
- - wordpress <unfixed>
+ - wordpress <unfixed> (bug #973562)
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28037 (is_blog_installed in wp-includes/functions.php in WordPress
before 5.5 ...)
- - wordpress <unfixed>
+ - wordpress <unfixed> (bug #973562)
NOTE:
https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10450
CVE-2020-28036 (wp-includes/class-wp-xmlrpc-server.php in WordPress before
5.5.2 allow ...)
- - wordpress <unfixed>
+ - wordpress <unfixed> (bug #973562)
NOTE:
https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10449
CVE-2020-28035 (WordPress before 5.5.2 allows attackers to gain privileges via
XML-RPC ...)
- - wordpress <unfixed>
+ - wordpress <unfixed> (bug #973562)
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28034 (WordPress before 5.5.2 allows XSS associated with global
variables. ...)
- - wordpress <unfixed>
+ - wordpress <unfixed> (bug #973562)
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28033 (WordPress before 5.5.2 mishandles embeds from disabled sites
on a mult ...)
- - wordpress <unfixed>
+ - wordpress <unfixed> (bug #973562)
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28032 (WordPress before 5.5.2 mishandles deserialization requests in
wp-inclu ...)
- - wordpress <unfixed>
+ - wordpress <unfixed> (bug #973562)
NOTE:
https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10446
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31e4765002100164c64dc4d7e996cd40cff355ee
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31e4765002100164c64dc4d7e996cd40cff355ee
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
