FEDORA-EPEL-2020-6bc42544ca created by remi a year ago for Fedora EPEL 6
stable

WordPress 5.1.8 Maintenance Release

This maintenance release fixes an issue introduced in WordPress 5.1.7 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured.


WordPress 5.1.7 Security Release

Security Updates

  • Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
  • Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
  • Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
  • Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
  • Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
  • Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
  • Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
  • Thanks to Erwan LR from WPScan who responsibly disclosed a method that could lead to CSRF.
  • And a special thanks to @zieladam who was integral in many of the releases and patches during this release.

This update has been submitted for testing by remi.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update has obsoleted wordpress-5.1.7-1.el6, and has inherited its bugs and notes.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

remi edited this update.

a year ago

remi edited this update.

a year ago

This update can be pushed to stable now if the maintainer wishes.

11 months ago

This update has been submitted for stable by bodhi.

11 months ago

This update has been pushed to stable.

11 months ago


Metadata

Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings

Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 14 days

Dates

submitted: a year ago
in testing: a year ago
in stable: 11 months ago
modified: a year ago

BZ#1894947 CVE-2020-28032 wordpress: hardening deserialization requests
BZ#1894949 CVE-2020-28032 wordpress: hardening deserialization requests [epel-all]
BZ#1894954 CVE-2020-28033 wordpress: disable spam embeds from disabled sites on a multisite network
BZ#1894956 CVE-2020-28033 wordpress: disable spam embeds from disabled sites on a multisite network [epel-all]
BZ#1894957 CVE-2020-28035 wordpress: XML-RPC privilege escalation
BZ#1894959 CVE-2020-28035 wordpress: XML-RPC privilege escalation [epel-all]
BZ#1894962 CVE-2020-28034 wordpress: XSS via global variables
BZ#1894964 CVE-2020-28034 wordpress: XSS via global variables [epel-all]
BZ#1894966 CVE-2020-28036 wordpress: privilege escalation by using XML-RPC to comment on a post
BZ#1894968 CVE-2020-28036 wordpress: privilege escalation by using XML-RPC to comment on a post [epel-all]
BZ#1894969 CVE-2020-28037 wordpress: DoS attack could lead to RCE
BZ#1894971 CVE-2020-28037 wordpress: DoS attack could lead to RCE [epel-all]
BZ#1894974 CVE-2020-28038 wordpress: stored XSS in post slugs
BZ#1894976 CVE-2020-28038 wordpress: stored XSS in post slugs [epel-all]
BZ#1894982 CVE-2020-28039 wordpress: protected meta that could lead to arbitrary file deletion
BZ#1894984 CVE-2020-28039 wordpress: protected meta that could lead to arbitrary file deletion [epel-all]
BZ#1894995 CVE-2020-28040 wordpress: CSRF attacks that change a theme's background image
BZ#1894997 CVE-2020-28040 wordpress: CSRF attacks that change a theme's background image [epel-all]
