[Git][security-tracker-team/security-tracker][master] Wordpress issues fixed via unstable upload
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 5 22:58:45 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
49c7208e by Salvatore Bonaccorso at 2020-11-05T23:58:20+01:00
Wordpress issues fixed via unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -409,46 +409,46 @@ CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_1
NOT-FOR-US: Netgear
CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a theme's backg ...)
{DLA-2429-1}
- - wordpress <unfixed> (bug #973562)
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
NOTE: https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html
NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28039 (is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 al ...)
{DLA-2429-1}
- - wordpress <unfixed> (bug #973562)
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
NOTE: https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad
NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10452
CVE-2020-28038 (WordPress before 5.5.2 allows stored XSS via post slugs. ...)
{DLA-2429-1}
- - wordpress <unfixed> (bug #973562)
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28037 (is_blog_installed in wp-includes/functions.php in WordPress before 5.5 ...)
{DLA-2429-1}
- - wordpress <unfixed> (bug #973562)
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
NOTE: https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c
NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10450
CVE-2020-28036 (wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allow ...)
{DLA-2429-1}
- - wordpress <unfixed> (bug #973562)
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
NOTE: https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32
NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10449
CVE-2020-28035 (WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC ...)
{DLA-2429-1}
- - wordpress <unfixed> (bug #973562)
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28034 (WordPress before 5.5.2 allows XSS associated with global variables. ...)
{DLA-2429-1}
- - wordpress <unfixed> (bug #973562)
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28033 (WordPress before 5.5.2 mishandles embeds from disabled sites on a mult ...)
{DLA-2429-1}
- - wordpress <unfixed> (bug #973562)
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28032 (WordPress before 5.5.2 mishandles deserialization requests in wp-inclu ...)
{DLA-2429-1}
- - wordpress <unfixed> (bug #973562)
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
NOTE: https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10446
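Review bot: all nine `- wordpress` lines (CVE-2020-28040 through CVE-2020-28032) now record 5.5.3+dfsg1-1 as the fixed version, while every description in the hunk reads "WordPress before 5.5.2". Please confirm that no 5.5.2-based upload reached unstable before this one, since the entry should name the first upload that carried the fixes. If 5.5.3+dfsg1-1 is that upload, a short NOTE on the entries saying the issues were fixed upstream in 5.5.2 would explain the version gap to later readers. The commit message could also name the uploaded version, so that the log is searchable by it.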
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49c7208edbdf6b779772f70b955b174b3066b57a