diff options
| author | Utkarsh Gupta <utkarsh@debian.org> | 2020-05-11 19:15:46 +0530 |
|---|---|---|
| committer | Utkarsh Gupta <utkarsh@debian.org> | 2020-05-11 19:15:46 +0530 |
| commit | 3a266cc03b726ac00e9a1ee8c08ca7d5ddf8cd24 (patch) | |
| tree | 2d648b8ea6f58ad66dc9a6b86602073104974931 /english | |
| parent | e9077212d38a8a0a41c2c6627521f1a53d60132c (diff) | |
DLA-2208-1 advisory
Diffstat (limited to 'english')
| -rw-r--r-- | english/lts/security/2020/dla-2208.data | 10 | ||||
| -rw-r--r-- | english/lts/security/2020/dla-2208.wml | 45 |
2 files changed, 55 insertions, 0 deletions
diff --git a/english/lts/security/2020/dla-2208.data b/english/lts/security/2020/dla-2208.data new file mode 100644 index 00000000000..6fddaa28d5e --- /dev/null +++ b/english/lts/security/2020/dla-2208.data @@ -0,0 +1,10 @@ +<define-tag pagetitle>DLA-2208-1 wordpress</define-tag> +<define-tag report_date>2020-05-11</define-tag> +<define-tag secrefs>CVE-2020-11026 CVE-2020-11027 CVE-2020-11028 CVE-2020-11029 Bug#959391</define-tag> +<define-tag packages>wordpress</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + diff --git a/english/lts/security/2020/dla-2208.wml b/english/lts/security/2020/dla-2208.wml new file mode 100644 index 00000000000..085f9949d13 --- /dev/null +++ b/english/lts/security/2020/dla-2208.wml @@ -0,0 +1,45 @@ +<define-tag description>LTS security update</define-tag> +<define-tag moreinfo> + +<p>Multiple CVE(s) were discovered in the src:wordpress package.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-11026">CVE-2020-11026</a> + + <p>Files with a specially crafted name when uploaded to the + Media section can lead to script execution upon accessing + the file. This requires an authenticated user with privileges + to upload files.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-11027">CVE-2020-11027</a> + + <p>A password reset link emailed to a user does not expire upon + changing the user password. Access would be needed to the email + account of the user by a malicious party for successful execution.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-11028">CVE-2020-11028</a> + + <p>Some private posts, which were previously public, can result in + unauthenticated disclosure under a specific set of conditions.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-11029">CVE-2020-11029</a> + + <p>A vulnerability in the stats() method of class-wp-object-cache.php + can be exploited to execute cross-site scripting (XSS) attacks.</p></li> + +</ul> + +<p>For Debian 8 <q>Jessie</q>, these problems have been fixed in version +4.1.30+dfsg-0+deb8u1.</p> + +<p>We recommend that you upgrade your wordpress packages.</p> + +<p>Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2020/dla-2208.data" +# $Id: $ |