Changelog
wordpress (5.0.11+dfsg1-0+deb10u1) buster-security; urgency=high
* Security release, fixes 8 bugs Closes: #973562
- CVE-2020-28039: Protected meta that could lead to arbitrary
file deletion.
- CVE-2020-28035: XML-RPC privilege escalation.
- CVE-2020-28036: XML-RPC privilege escalation.
- CVE-2020-28032: Hardening deserialization requests.
- CVE-2020-28037: DoS attack could lead to RCE.
- CVE-2020-28038: Stored XSS in post slugs.
- CVE-2020-28033: Disable spam embeds from disabled sites
on a multisite network.
- CVE-2020-28034: Cross-Site Scripting (XSS) via global variables.
- CVE-2020-28040: CSRF attacks that change a theme's background image.
* Remove duplicated changeset 45974 Closes: #971914
-- Craig Small <email address hidden> Tue, 03 Nov 2020 18:02:39 +1100