Your message dated Wed, 08 Jan 2020 21:47:15 +0000
with message-id <[email protected]>
and subject line Bug#946905: fixed in wordpress 5.0.4+dfsg1-1+deb10u1
has caused the Debian Bug report #946905,
regarding wordpress: WordPress 5.3.1 Security and Maintenance Release
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
946905: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946905
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wordpress
Version: 5.2.4+dfsg1-1
Severity: important
Tags: security upstream
Hi
See
https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
where earlier versions (e.g. 5.2 branch) were as well released with
fixes for these security issues.
As usual, there is not much information provided and likely as well no
CVE requests happened yet (can you take care of it?).
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 5.0.4+dfsg1-1+deb10u1
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 27 Dec 2019 15:26:33 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen
wordpress-theme-twentyseventeen wordpress-theme-twentysixteen
Architecture: source all
Version: 5.0.4+dfsg1-1+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 939543 942459 946905
Changes:
 wordpress (5.0.4+dfsg1-1+deb10u1) buster-security; urgency=medium
 .
   * Backport of the 5.3.1 security release Closes: #946905
     - CVE-2019-20043
       an unprivileged user could make a post sticky via the REST API.
     - CVE-2019-20042
       cross-site scripting (XSS) could be stored in well-crafted links
     - CVE-2019-20041
       hardening wp_kses_bad_protocol() to ensure that it is aware
       of the named colon attribute.
     - CVE-2019-16780 and CVE-2019-16781
       stored XSS vulnerability using block editor content.
   * Backport of the 5.2.4 security release Closes: #942459
     - CVE-2019-17674
       Stored XSS in the Customizer
     - CVE-2019-17671
       Viewing unauthenticated posts
     - CVE-2019-17672
       Stored XSS to inject javascript into style tags
     - CVE-2019-17673
       Poisoning JSON GET requests
     - CVE-2019-17669
       SSRF in URL validation
     - CVE-2019-17675
       Referer validation in admin screens
   * Backport of 5.2.3 security release, Closes: #939543
     - CVE-2019-16223
       XSS in post previews
     - CVE-2019-16218
       XSS in stored comments
     - CVE-2019-16220
       Open redirect due to validation and sanitization
     - CVE-2019-16217
       XSS in media uploads
     - CVE-2019-16219
       XSS in shortcode previews
     - CVE-2019-16221
       XSS in dashboard
     - CVE-2019-16222
       XSS in URL sanitization
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---