Hi Craig,

On Fri, Jun 12, 2020 at 06:33:14AM +0200, Salvatore Bonaccorso wrote:
> Hi Craig,
> 
> On Fri, Jun 12, 2020 at 09:40:34AM +1000, Craig Small wrote:
> > Source: wordpress
> > Version: 5.4.1+dfsg1-1
> > Severity: grave
> > Tags: security upstream
> > Justification: user security hole
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> > 
> > WordPress 5.4.2 is out and fixes the following vulnerabilities:
> [...]
> 
> Thanks for filling the bugreport about those, added tracking in the
> security-tracker correspondigly.
> 
> Are you requesting CVEs for those?

Looks that for all (but not your first mentioned issue) they have CVEs
assigned now (was not when I checked). They are at

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf

Regards,
Salvatore

Reply via email to