{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "**WordPress 5.4.2 Security and Maintenance Release**\n\nThis security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes\u2014see the list below.\n\nThese bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you\u2019ll want to upgrade.\n\n**Security Updates**\n\nWordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you haven\u2019t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.\n\n*    Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.\n*    Props to Luigi \u2013 (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.\n*    Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().\n*    Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.\n*    Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.\n*    Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.\n", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2020-06-11 05:09:44", "date_modified": "2020-06-19 05:28:03", "date_approved": null, "date_testing": "2020-06-14 18:01:25", "date_stable": "2020-06-23 01:18:52", "alias": "FEDORA-2020-8447a3e195", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2020-06-23 01:18:52", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2020-8447a3e195", "title": "wordpress-5.4.2-1.fc32", "version_hash": "2e3ed28a6d5ed574238929d25dc1c9ff17e9b374", "release": {"name": "F32", "long_name": "Fedora 32", "version": "32", "id_prefix": "FEDORA", "branch": "f32", "dist_tag": "f32", "stable_tag": "f32-updates", "testing_tag": "f32-updates-testing", "candidate_tag": "f32-updates-candidate", "pending_signing_tag": "f32-signing-pending", "pending_testing_tag": "f32-updates-testing-pending", "pending_stable_tag": "f32-updates-pending", "override_tag": "f32-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "remi", "email": "fedora@famillecollet.com", "id": 94, "avatar": "https://seccdn.libravatar.org/avatar/619d3923bdf71a705e6f65371e59246522f52ad96485c9731408ff28554716cf?s=24&d=retro", "openid": "remi.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "sig-sclo"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by remi. ", "timestamp": "2020-06-11 05:09:44", "update_id": 212292, "user_id": 91, "id": 1406862, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2020-06-11 05:09:45", "update_id": 212292, "user_id": 91, "id": 1406863, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2020-06-11 05:09:47", "update_id": 212292, "user_id": 91, "id": 1406865, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2020-06-14 18:03:03", "update_id": 212292, "user_id": 91, "id": 1412399, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "remi edited this update.", "timestamp": "2020-06-19 05:28:03", "update_id": 212292, "user_id": 91, "id": 1420577, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'greenwave_failed'.", "timestamp": "2020-06-19 06:51:21", "update_id": 212292, "user_id": 91, "id": 1420605, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2020-06-19 11:50:23", "update_id": 212292, "user_id": 91, "id": 1421383, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'greenwave_failed'.", "timestamp": "2020-06-19 13:42:20", "update_id": 212292, "user_id": 91, "id": 1421581, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2020-06-19 15:12:05", "update_id": 212292, "user_id": 91, "id": 1422006, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2020-06-21 18:02:21", "update_id": 212292, "user_id": 91, "id": 1425475, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2020-06-21 18:02:21", "update_id": 212292, "user_id": 91, "id": 1425476, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2020-06-23 01:21:46", "update_id": 212292, "user_id": 91, "id": 1427166, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "wordpress-5.4.2-1.fc32", "signed": true, "release_id": 35, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1848680, "title": "CVE-2020-4046 wordpress: authenticated XSS through embed block", "security": true, "parent": true, "feedback": []}, {"bug_id": 1848681, "title": "CVE-2020-4046 wordpress: authenticated XSS through embed block [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1848684, "title": "CVE-2020-4047 wordpress: authenticated XSS via media attachment page", "security": true, "parent": true, "feedback": []}, {"bug_id": 1848685, "title": "CVE-2020-4047 wordpress: authenticated XSS via media attachment page [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1848689, "title": "CVE-2020-4048 wordpress: open redirect in wp_validate_redirect function", "security": true, "parent": true, "feedback": []}, {"bug_id": 1848690, "title": "CVE-2020-4048 wordpress: open redirect in wp_validate_redirect function [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1848692, "title": "CVE-2020-4049 wordpress: authenticated self-XSS via theme uploads", "security": true, "parent": true, "feedback": []}, {"bug_id": 1848693, "title": "CVE-2020-4049 wordpress: authenticated self-XSS via theme uploads [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1848697, "title": "CVE-2020-4050 wordpress: set-screen-option filter misuse by plugins leads to privilege escalation", "security": true, "parent": true, "feedback": []}, {"bug_id": 1848698, "title": "CVE-2020-4050 wordpress: set-screen-option filter misuse by plugins leads to privilege escalation [fedora-all]", "security": true, "parent": false, "feedback": []}], "updateid": "FEDORA-2020-8447a3e195", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}