[Git][security-tracker-team/security-tracker][master] CVE-2020-25286 assigned for one wordpress issue
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 14 05:26:37 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4bd5d993 by Salvatore Bonaccorso at 2020-09-14T06:26:02+02:00
CVE-2020-25286 assigned for one wordpress issue
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2,8 +2,6 @@ CVE-2020-25288
RESERVED
CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute arbitrary com ...)
NOT-FOR-US: Pligg CMS
-CVE-2020-25286 (In wp-includes/comment-template.php in WordPress before 5.4.2, comment ...)
- TODO: check
CVE-2020-25285 (A race condition between hugetlb sysctl handlers in mm/hugetlb.c in th ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/17743798d81238ab13050e8e2833699b54e15467
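Review bot: Deleting the CVE-2020-25286 stub at this position leaves the id only at the old CVE-2020-XXXX placeholder, between CVE-2020-14039 and CVE-2020-4050, while the entries around this hunk run in descending id order (25288, 25287, 25285). If data/CVE/list is meant to stay sorted by id, move the triaged wordpress entry up into this slot rather than renaming the placeholder in place.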
@@ -24120,10 +24118,8 @@ CVE-2020-14039 (In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verif
- golang-1.11 <not-affected> (Windows-specific)
NOTE: https://golang.org/issue/39360
NOTE: https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ
-CVE-2020-XXXX [Editor: Ensure latest comments can only be viewed from public posts]
+CVE-2020-25286 [Editor: Ensure latest comments can only be viewed from public posts]
- wordpress 5.4.2+dfsg1-1 (bug #962685)
- [buster] - wordpress 5.0.10+dfsg1-0+deb10u1
- [stretch] - wordpress 4.7.18+dfsg-1+deb9u1
NOTE: https://core.trac.wordpress.org/changeset/47984
CVE-2020-4050 (In affected versions of WordPress, misuse of the `set-screen-option` f ...)
{DSA-4709-1 DLA-2371-1 DLA-2269-1}
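Review bot: The renamed CVE-2020-25286 entry has no advisory cross-reference line, whereas the CVE-2020-4050 entry directly below it carries `{DSA-4709-1 DLA-2371-1 DLA-2269-1}`, and this same commit adds the new id to DSA-4709-1 and DLA-2371-1. Either add a matching `{DSA-4709-1 DLA-2371-1}` line under the entry or confirm that the line is regenerated from data/DSA/list and data/DLA/list. The description also stays in the square-bracket placeholder form, so the file and version detail from the removed stub ("In wp-includes/comment-template.php in WordPress before 5.4.2") is no longer recorded with the id.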
=====================================
data/DLA/list
=====================================
@@ -5,7 +5,7 @@
{CVE-2020-25219}
[stretch] - libproxy 0.4.14-2+deb9u1
[11 Sep 2020] DLA-2371-1 wordpress - security update
- {CVE-2019-17670 CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050}
+ {CVE-2019-17670 CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050 CVE-2020-25286}
[stretch] - wordpress 4.7.18+dfsg-1+deb9u1
[11 Sep 2020] DLA-2370-1 python-pip - security update
{CVE-2019-20916}
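Review bot: Only DLA-2371-1 gains CVE-2020-25286 here, but the CVE-2020-4050 entry in data/CVE/list is also linked to DLA-2269-1, which this hunk does not touch. If that advisory shipped the same WordPress changeset, it needs the id as well; if it did not, a short NOTE on the CVE entry saying so would keep the two lists from looking inconsistent.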
=====================================
data/DSA/list
=====================================
@@ -167,7 +167,7 @@
{CVE-2020-9494}
[buster] - trafficserver 8.0.2+ds-1+deb10u3
[23 Jun 2020] DSA-4709-1 wordpress - security update
- {CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050}
+ {CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050 CVE-2020-25286}
[buster] - wordpress 5.0.10+dfsg1-0+deb10u1
[21 Jun 2020] DSA-4708-1 neomutt - security update
{CVE-2020-14093 CVE-2020-14954}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bd5d993296fcfe05a73ab2ba08cfdbc86464eeb