[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-14028/wordpress: no-dsa->postponed

Sylvain Beucler beuc at debian.org
Wed Aug 26 12:07:43 BST 2020 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c17a120 by Sylvain Beucler at 2020-08-26T13:02:39+02:00
CVE-2018-14028/wordpress: no-dsa->postponed

- - - - -
bab22dcd by Sylvain Beucler at 2020-08-26T13:02:40+02:00
CVE-2020-4050/wordpress: reference regression

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22606,6 +22606,7 @@ CVE-2020-4050 (In affected versions of WordPress, misuse of the `set-screen-opti
 	NOTE: https://core.trac.wordpress.org/changeset/47951
 	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
 	NOTE: https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
+	NOTE: https://core.trac.wordpress.org/ticket/50392 (regression fix)
 CVE-2020-4049 (In affected versions of WordPress, when uploading themes, the name of  ...)
 	{DSA-4709-1 DLA-2269-1}
 	- wordpress 5.4.2+dfsg1-1 (bug #962685)
@@ -131300,8 +131301,8 @@ CVE-2018-14029 (CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.
 CVE-2018-14028 (In WordPress 4.9.7, plugins uploaded via the admin area are not verifi ...)
 	- wordpress <unfixed> (bug #906565)
 	[buster] - wordpress <postponed> (Minor issue, revisit when fixed upstream)
-	[stretch] - wordpress <no-dsa> (Minor issue)
-	[jessie] - wordpress <postponed> (no sanctioned patch)
+	[stretch] - wordpress <postponed> (Minor issue, no sanctioned patch)
+	[jessie] - wordpress <postponed> (Minor issue, no sanctioned patch)
 	NOTE: https://core.trac.wordpress.org/ticket/44710
 	NOTE: https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/
 CVE-2018-14027 (Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/61a356a950c9ed600bfdb9b2e40327b5b35d2ba8...bab22dcde588363322615d9be07371a1a4fdfbc4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/61a356a950c9ed600bfdb9b2e40327b5b35d2ba8...bab22dcde588363322615d9be07371a1a4fdfbc4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200826/753242f6/attachment.html>

More information about the debian-security-tracker-commits mailing list