Your message dated Sat, 16 Oct 2021 14:32:13 +0000
with message-id <[email protected]>
and subject line Bug#994060: fixed in wordpress 5.7.3+dfsg1-0+deb11u1
has caused the Debian Bug report #994060,
regarding wordpress: CVE-2021-39200
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
994060: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994060
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wordpress
Version: 5.7.1+dfsg1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for wordpress.
CVE-2021-39200[0]:
| WordPress is a free and open-source content management system written
| in PHP and paired with a MySQL or MariaDB database. In affected
| versions output data of the function wp_die() can be leaked under
| certain conditions, which can include data like nonces. It can then be
| used to perform actions on your behalf. This has been patched in
| WordPress 5.8.1, along with any older affected versions via minor
| releases. It's strongly recommended that you keep auto-updates enabled
| to receive the fix.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-39200
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39200
[1] https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 5.7.3+dfsg1-0+deb11u1
Done: Craig Small <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 11 Sep 2021 10:55:23 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen
wordpress-theme-twentytwenty wordpress-theme-twentytwentyone
Architecture: source all
Version: 5.7.3+dfsg1-0+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files
wordpress-theme-twentytwenty - weblog manager - twentytwenty theme files
wordpress-theme-twentytwentyone - weblog manager - twentytwentyone theme files
Closes: 994059 994060
Changes:
wordpress (5.7.3+dfsg1-0+deb11u1) bullseye-security; urgency=medium
.
* Security release, fixes 2 bugs:
- CVE-2021-39200 - Disclosure in wp_die() Closes: #994060
- CVE-2021-39201 - XSS in editor Closes: #994059
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---