[Git][security-tracker-team/security-tracker][master] CVEs for wordpress issues (but one) assigned
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 12 20:12:41 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
79693eb6 by Salvatore Bonaccorso at 2020-06-12T21:12:09+02:00
CVEs for wordpress issues (but one) assigned
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,21 +23,30 @@ CVE-2020-14039
CVE-2020-XXXX [Editor: Ensure latest comments can only be viewed from public posts]
- wordpress <unfixed> (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47984
-CVE-2020-XXXX [Administration: Add a new filter to extend set-screen-option]
+CVE-2020-4050 [Administration: Add a new filter to extend set-screen-option]
- wordpress <unfixed> (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47951
-CVE-2020-XXXX [Themes: Ensure a broken theme name is returned properly]
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
+CVE-2020-4049 [Themes: Ensure a broken theme name is returned properly]
- wordpress <unfixed> (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47950
-CVE-2020-XXXX [Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters]
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148
+CVE-2020-4048 [Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters]
- wordpress <unfixed> (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47949
-CVE-2020-XXXX [Embeds: Ensure that the title attribute is set correctly on embeds]
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693
+CVE-2020-4046 [Embeds: Ensure that the title attribute is set correctly on embeds]
- wordpress <unfixed> (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47947
-CVE-2020-XXXX [Editor: Prevent HTML decoding on by setting the proper editor context]
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf
+CVE-2020-4047 [Editor: Prevent HTML decoding on by setting the proper editor context]
- wordpress <unfixed> (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47948
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f
CVE-2020-14038
RESERVED
CVE-2020-14037
@@ -25505,16 +25514,6 @@ CVE-2020-4052
RESERVED
CVE-2020-4051
RESERVED
-CVE-2020-4050
- RESERVED
-CVE-2020-4049
- RESERVED
-CVE-2020-4048
- RESERVED
-CVE-2020-4047
- RESERVED
-CVE-2020-4046
- RESERVED
CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...)
TODO: check
CVE-2020-4044
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79693eb6aa20f8dac241f3f53f696e1364db4573
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79693eb6aa20f8dac241f3f53f696e1364db4573
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200612/b378aac1/attachment.html>
More information about the debian-security-tracker-commits
mailing list