Your message dated Sat, 11 Sep 2021 00:49:59 +0000
with message-id <[email protected]>
and subject line Bug#994060: fixed in wordpress 5.8.1+dfsg1-1
has caused the Debian Bug report #994060,
regarding wordpress: CVE-2021-39200
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
994060: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994060
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wordpress
Version: 5.7.1+dfsg1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for wordpress.
CVE-2021-39200[0]:
| WordPress is a free and open-source content management system written
| in PHP and paired with a MySQL or MariaDB database. In affected
| versions output data of the function wp_die() can be leaked under
| certain conditions, which can include data like nonces. It can then be
| used to perform actions on your behalf. This has been patched in
| WordPress 5.8.1, along with any older affected versions via minor
| releases. It's strongly recommended that you keep auto-updates enabled
| to receive the fix.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-39200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39200
[1]
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 5.8.1+dfsg1-1
Done: Craig Small <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 11 Sep 2021 10:29:52 +1000
Source: wordpress
Architecture: source
Version: 5.8.1+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Closes: 988991 992302 994059 994060
Changes:
wordpress (5.8.1+dfsg1-1) unstable; urgency=medium
.
* Security release
- CVE-2021-39200 - Disclosure in wp_die() Closes: #994060
- CVE-2021-39201 - XSS in editor Closes: #994059
* New upstream release Closes: #992302
* Add direct FS_METHOD in mysql setup Closes: #988991
* Add AppArmor profile
Checksums-Sha1:
1d8b1e5d1735ade84b78001dcccfef144184410e 2392 wordpress_5.8.1+dfsg1-1.dsc
9fc5a4ef76ef6a13255fd5541fb7474c82a230bc 10976172
wordpress_5.8.1+dfsg1.orig.tar.xz
03166ebc66d33226702f125997532220ac8ef2b4 6824764
wordpress_5.8.1+dfsg1-1.debian.tar.xz
d87d28c4eb40ba28e8bb38d62dd8f92f34ae1c52 7527
wordpress_5.8.1+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
e352bb619cb44c7f19ece08c5259f02cf172a280413a1093bc49845c52713bca 2392
wordpress_5.8.1+dfsg1-1.dsc
61dfe7114fad609209fb24cc3e73914a2d8d760ee976ee495bf006d520b43e86 10976172
wordpress_5.8.1+dfsg1.orig.tar.xz
44ed34c1ccfdefe648d6b141a6ca2e8a07d69f4e64f845a04784cffb7e58ef5c 6824764
wordpress_5.8.1+dfsg1-1.debian.tar.xz
70f45e973ce7a79f42cc322bdf85681aa6028731bdc1c0afc22e2a8b37876ca9 7527
wordpress_5.8.1+dfsg1-1_amd64.buildinfo
Files:
da3b4b8bf1979e2085d2506184b17990 2392 web optional wordpress_5.8.1+dfsg1-1.dsc
3a9b177d6c0090e71b38875d520d71a1 10976172 web optional
wordpress_5.8.1+dfsg1.orig.tar.xz
54c35058d9ef9b015b4d5ee72cb949a2 6824764 web optional
wordpress_5.8.1+dfsg1-1.debian.tar.xz
9ff2823b0baeeec776bbb53d8e9eb5a9 7527 web optional
wordpress_5.8.1+dfsg1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAmE7+O8ACgkQAiFmwP88
hOMV3Q//aDGonVYKe4GpL0BqY8cfb2CISPSRbkqvM4HonbZf5A8V0Scg5RSP6Nsd
RGo2JpfSoiaGW/4+Bdknms2jj9VAH5/XOTYhesqShX0825ZrzFKS6foi/iLmiPXg
0H/Pe5WM6ZlMVjPnRPJ6VqwQaJItu943qsnevMPvecvzUoFfBjYrDgeWjFZ0HfKC
58z//vdn/hzpmLq8NeOzjm+wQXoJSy55EFWZC7FT+f17y7sNEu4XShWg1FEolbmZ
bGhUQa9z6hBJskVYH5vBjYFdJMNclDofNDxp4YMnDzbLQc2DrTUHXvdJFEvEfeFY
RvVudEugkbAmmH+UgxnOw8OWvr4Y1YvLCjLw73LiKyZrShnkRobK4+MjlhgiRVaC
rLPNI4/b5hKKAV7v99nk0LqWfaKSBrr7jVpUDZ480fmdoE7qq9RhBEAU8Qepr+/w
f/WCRZjnloY6z7yvoevVmGVZgent6PLHoomkrlMFfqHtCTEEcdBnYlBax/jm7SQ+
MjN/MhtFP6OnmfBHP62pWQ4x66K1eoSu9EdlWcehylMmy6JDKOAaZgmdOBv4D5P4
KqDVzOpRgSkFHBzrnzZkeqo8r2hzcJAE0cBrwEIpOa1cOvvqxCOZzNJaxYZNikT1
pujDBevHq139BBDlnhyjFoqMQRm4gi2xMzwqhGcjq7VO8ArXseo=
=HjWH
-----END PGP SIGNATURE-----
--- End Message ---
