On 02/11 08:01, Craig Small wrote:
> Wordpress versions less than 5.5.2 have the following security
> vulnerabilities:
>
> CVE-2020-28039: Protected meta that could lead to arbitrary file deletion.
> CVE-2020-28035: XML-RPC privilege escalation.
> CVE-2020-28036: XML-RPC privilege escalation.
> CVE-2020-28032: Hardening deserialization requests.
> CVE-2020-28037: DoS attack could lead to RCE.
> CVE-2020-28038: Stored XSS in post slugs.
> CVE-2020-28033: Disable spam embeds from disabled sites on a multisite
> network.
> CVE-2020-28034: Cross-Site Scripting (XSS) via global variables.
> CVE-2020-28040: CSRF attacks that change a theme's background image.

Hi Craig,

are you planning on backporting the fixes for those on top of buster's
5.0.10+dfsg1-0+deb10u1?

Cheers,
--
Seb