Your message dated Fri, 07 Jan 2022 05:20:31 +0000
with message-id <e1n5hfz-0000k9...@fasolo.debian.org>
and subject line Bug#1003243: fixed in wordpress 5.8.3+dfsg1-1
has caused the Debian Bug report #1003243,
regarding wordpress: WordPress 5.8.3 Security Release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1003243: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003243
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wordpress
Version: 5.8.2+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

WordPress have released version 5.8.3 which fixes 4 security bugs.
https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/

 * An issue with stored XSS through post slugs.
   CVE-2022-21662 - Stored XSS through authenticated users
   https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
   https://hackerone.com/reports/425342


 * An issue with Object injection in some multisite installations.
   CVE-2022-21663 - Authenticated Object Injection in Multisites
   https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
   https://hackerone.com/reports/541469


 * A SQL injection vulnerability in WP_Query.
   CVE-2022-21661 - WordPress: SQL Injection through WP_Query
   https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
   https://hackerone.com/reports/1378209

 * A SQL injection vulnerability in WP_Meta_Query
   CVE-2022-21664 - SQL injection due to improper sanitization in WP_Meta_Query
   https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86

--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 5.8.3+dfsg1-1
Done: Craig Small <csm...@debian.org>

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1003...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csm...@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 07 Jan 2022 15:57:14 +1100
Source: wordpress
Architecture: source
Version: 5.8.3+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Craig Small <csm...@debian.org>
Closes: 1003243
Changes:
 wordpress (5.8.3+dfsg1-1) unstable; urgency=high
 .
   * Upstream security release Closes: #1003243
     - CVE-2022-21662 - Stored XSS through authenticated users
     - CVE-2022-21663 - Authenticated Object Injection in Multisites
     - CVE-2022-21661 - WordPress: SQL Injection through WP_Query
     - CVE-2022-21664 - SQL injection due to improper sanitization
       in WP_Meta_Query


--- End Message ---
