[Git][security-tracker-team/security-tracker][master] CVE-2020-25286 assigned for one wordpress issue

Sun, 13 Sep 2020 21:27:19 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4bd5d993 by Salvatore Bonaccorso at 2020-09-14T06:26:02+02:00
CVE-2020-25286 assigned for one wordpress issue

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,8 +2,6 @@ CVE-2020-25288
        RESERVED
 CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute 
arbitrary com ...)
        NOT-FOR-US: Pligg CMS
-CVE-2020-25286 (In wp-includes/comment-template.php in WordPress before 5.4.2, 
comment ...)
-       TODO: check
 CVE-2020-25285 (A race condition between hugetlb sysctl handlers in 
mm/hugetlb.c in th ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/17743798d81238ab13050e8e2833699b54e15467
@@ -24120,10 +24118,8 @@ CVE-2020-14039 (In Go before 1.13.13 and 1.14.x before 
1.14.5, Certificate.Verif
        - golang-1.11 <not-affected> (Windows-specific)
        NOTE: https://golang.org/issue/39360
        NOTE: 
https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ
-CVE-2020-XXXX [Editor: Ensure latest comments can only be viewed from public 
posts]
+CVE-2020-25286 [Editor: Ensure latest comments can only be viewed from public 
posts]
        - wordpress 5.4.2+dfsg1-1 (bug #962685)
-       [buster] - wordpress 5.0.10+dfsg1-0+deb10u1
-       [stretch] - wordpress 4.7.18+dfsg-1+deb9u1
        NOTE: https://core.trac.wordpress.org/changeset/47984
 CVE-2020-4050 (In affected versions of WordPress, misuse of the 
`set-screen-option` f ...)
        {DSA-4709-1 DLA-2371-1 DLA-2269-1}


=====================================
data/DLA/list
=====================================
@@ -5,7 +5,7 @@
        {CVE-2020-25219}
        [stretch] - libproxy 0.4.14-2+deb9u1
 [11 Sep 2020] DLA-2371-1 wordpress - security update
-       {CVE-2019-17670 CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050}
+       {CVE-2019-17670 CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050 
CVE-2020-25286}
        [stretch] - wordpress 4.7.18+dfsg-1+deb9u1
 [11 Sep 2020] DLA-2370-1 python-pip - security update
        {CVE-2019-20916}


=====================================
data/DSA/list
=====================================
@@ -167,7 +167,7 @@
        {CVE-2020-9494}
        [buster] - trafficserver 8.0.2+ds-1+deb10u3
 [23 Jun 2020] DSA-4709-1 wordpress - security update
-       {CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050}
+       {CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050 CVE-2020-25286}
        [buster] - wordpress 5.0.10+dfsg1-0+deb10u1
 [21 Jun 2020] DSA-4708-1 neomutt - security update
        {CVE-2020-14093 CVE-2020-14954}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bd5d993296fcfe05a73ab2ba08cfdbc86464eeb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bd5d993296fcfe05a73ab2ba08cfdbc86464eeb
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to