Hi Craig, On Fri, Jun 12, 2020 at 06:33:14AM +0200, Salvatore Bonaccorso wrote: > Hi Craig, > > On Fri, Jun 12, 2020 at 09:40:34AM +1000, Craig Small wrote: > > Source: wordpress > > Version: 5.4.1+dfsg1-1 > > Severity: grave > > Tags: security upstream > > Justification: user security hole > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA512 > > > > WordPress 5.4.2 is out and fixes the following vulnerabilities: > [...] > > Thanks for filling the bugreport about those, added tracking in the > security-tracker correspondigly. > > Are you requesting CVEs for those?
Looks that for all (but not your first mentioned issue) they have CVEs assigned now (was not when I checked). They are at https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf Regards, Salvatore