Your message dated Fri, 06 Sep 2019 09:04:37 +0000
with message-id <[email protected]>
and subject line Bug#939543: fixed in wordpress 5.2.3+dfsg1-1
has caused the Debian Bug report #939543,
regarding wordpress: 5.2.3 fixes several XSS and other security bugs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
939543: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wordpress
Version: 5.2.2+dfsg1-1
Severity: normal
Tags: security
WordPress has released 5.2.3 which fixes several security holes.
From
https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
Security Updates
Props to Simon Scannell of RIPS Technologies for finding and disclosing two
issues. The first, a cross-site scripting (XSS) vulnerability found in post
previews by contributors. The second was a cross-site scripting vulnerability
in stored comments.
Props to Tim Coen for disclosing an issue where validation and sanitization of
a URL could lead to an open redirect.
Props to Anshul Jain for disclosing reflected cross-site scripting during media
uploads.
Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a
vulnerability for cross-site scripting (XSS) in shortcode previews.
Props to Ian Dunn of the Core Security Team for finding and disclosing a case
where reflected cross-site scripting could be found in the dashboard.
Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with
URL sanitization that can lead to cross-site scripting (XSS) attacks.
In addition to the above changes, we are also updating jQuery on older versions
of WordPress. This change was added in 5.2.1 and is now being brought to older
versions.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-5-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 5.2.3+dfsg1-1
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Sep 2019 18:39:10 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen
wordpress-theme-twentyseventeen wordpress-theme-twentysixteen
Architecture: source all
Version: 5.2.3+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files
wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 939543
Changes:
wordpress (5.2.3+dfsg1-1) unstable; urgency=medium
.
* Security release, fixes several issues Closes: #939543
- XSS in post previews
- XSS in stored comments
- Open redirect due to validation and sanitization
- XSS in media uploads
- XSS in shortcode previews
- XSS in dashboard
- XSS in URL sanitization
* Use replace for dh-linktrees for underscore-js
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---