Your message dated Sat, 22 Jan 2022 19:18:06 +0000 with message-id <e1nbltm-0005pw...@fasolo.debian.org> and subject line Bug#1003243: fixed in wordpress 5.7.5+dfsg1-0+deb11u1 has caused the Debian Bug report #1003243, regarding wordpress: WordPress 5.8.3 Security Release to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1003243: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003243 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: wordpress Version: 5.8.2+dfsg1-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> WordPress have released version 5.8.3 which fixes 4 security bugs. https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/ * An issue with stored XSS through post slugs. CVE-2022-21662 - Stored XSS through authenticated users https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w https://hackerone.com/reports/425342 * An issue with Object injection in some multisite installations. CVE-2022-21663 - Authenticated Object Injection in Multisites https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h https://hackerone.com/reports/541469 * A SQL injection vulnerability in WP_Query. CVE-2022-21661 - WordPress: SQL Injection through WP_Query https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84 https://hackerone.com/reports/1378209 * A SQL injection vulnerability in WP_Meta_Query CVE-2022-21664 - SQL injection due to improper sanitization in WP_Meta_Query https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
--- End Message ---
--- Begin Message ---Source: wordpress Source-Version: 5.7.5+dfsg1-0+deb11u1 Done: Craig Small <csm...@debian.org> We believe that the bug you reported is fixed in the latest version of wordpress, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1003...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Craig Small <csm...@debian.org> (supplier of updated wordpress package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 07 Jan 2022 17:51:21 +1100 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen wordpress-theme-twentytwenty wordpress-theme-twentytwentyone Architecture: source all Version: 5.7.5+dfsg1-0+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Craig Small <csm...@debian.org> Changed-By: Craig Small <csm...@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files wordpress-theme-twentytwenty - weblog manager - twentytwenty theme files wordpress-theme-twentytwentyone - weblog manager - twentytwentyone theme files Closes: 1003243 Changes: wordpress (5.7.5+dfsg1-0+deb11u1) bullseye-security; urgency=high . * Upstream security release Closes: #1003243 - CVE-2022-21662 - Stored XSS through authenticated users - CVE-2022-21663 - Authenticated Object Injection in Multisites - CVE-2022-21661 - WordPress: SQL Injection through WP_Query - CVE-2022-21664 - SQL injection due to improper sanitization in WP_Meta_Query * WordPress 5.7.4 just had a removal of an old CA certificate which isn't used in Debian installations Checksums-Sha1: 5fc7a817e1d19a1cd206568483082e3f0d40ec2d 2424 wordpress_5.7.5+dfsg1-0+deb11u1.dsc daebd4d240df13721e9395c8a126f9410ff72141 11472936 wordpress_5.7.5+dfsg1.orig.tar.xz 93a123e4d40ba68c6361a3714a701dddf62e60fa 6825032 wordpress_5.7.5+dfsg1-0+deb11u1.debian.tar.xz ca3eb8a80f927766d96af427915f28c8fbeb9a45 4385616 wordpress-l10n_5.7.5+dfsg1-0+deb11u1_all.deb 414551ed3c22ef0882cf6238f1cb5bf98e7edf9c 500644 wordpress-theme-twentynineteen_5.7.5+dfsg1-0+deb11u1_all.deb 19c5eb6537ac6af7709c1f50786f1ad8dbfc1244 772532 wordpress-theme-twentytwenty_5.7.5+dfsg1-0+deb11u1_all.deb 431c4e3e0577c6439314de81ee8827707a18da6c 2586056 wordpress-theme-twentytwentyone_5.7.5+dfsg1-0+deb11u1_all.deb a71bbc5755672e7c40fc71a50874082230668ca9 7779360 wordpress_5.7.5+dfsg1-0+deb11u1_all.deb 004a20048f2965f159facb15762fabf0bfc3f5b4 7530 wordpress_5.7.5+dfsg1-0+deb11u1_amd64.buildinfo Checksums-Sha256: c1ab1aecdca6b7c5e4131c02cddf9b69e8b6b3d55c4f8107fe04a5a7e75aa5bf 2424 wordpress_5.7.5+dfsg1-0+deb11u1.dsc 150f13d53c08efb3fa69e33d9633fbd298dde45fd50af0222cab2ead09ca7222 11472936 wordpress_5.7.5+dfsg1.orig.tar.xz b21a2ffda8af00094c1a67a265d6f174b7d04449a21600ad0154375cac5be69c 6825032 wordpress_5.7.5+dfsg1-0+deb11u1.debian.tar.xz faf99c2b665ad85d0c67667e7898d29469693a713632c8eb5f3ca0e5095b41e9 4385616 wordpress-l10n_5.7.5+dfsg1-0+deb11u1_all.deb 221ee0e69bb8ce4e1b1833fb2bf35142ad28b2a4423087a93548f5aac3c52b78 500644 wordpress-theme-twentynineteen_5.7.5+dfsg1-0+deb11u1_all.deb bf8f2c1e0fe2c4d0c4773704838215eda62b816c7e5ae79ade2c33d9b848b7fd 772532 wordpress-theme-twentytwenty_5.7.5+dfsg1-0+deb11u1_all.deb 3958bbea43cbfdc60923c1bd934579983df4aafc11c72b84d31518881bf356ef 2586056 wordpress-theme-twentytwentyone_5.7.5+dfsg1-0+deb11u1_all.deb 3765b006133095e890f3c8c379ed472b52dcd8a3e013a9bd44813e54e5b87ab3 7779360 wordpress_5.7.5+dfsg1-0+deb11u1_all.deb 18d8252746afeab78ee5aefd3abb3eae537623f3e440c302d93f485e16f18b96 7530 wordpress_5.7.5+dfsg1-0+deb11u1_amd64.buildinfo Files: 1813d30adccb44b58606a629827bbdc0 2424 web optional wordpress_5.7.5+dfsg1-0+deb11u1.dsc f74701ad8a325395fb362547c83ed392 11472936 web optional wordpress_5.7.5+dfsg1.orig.tar.xz 707e0f7718c30549a35df1c8d440a7ec 6825032 web optional wordpress_5.7.5+dfsg1-0+deb11u1.debian.tar.xz 24b9c36cecc95c9133267ed252c4a3a6 4385616 localization optional wordpress-l10n_5.7.5+dfsg1-0+deb11u1_all.deb 9fd799ebcf264f6af69a895ee4087fde 500644 web optional wordpress-theme-twentynineteen_5.7.5+dfsg1-0+deb11u1_all.deb 0292fa725b9ad98073c3268eef86e43c 772532 web optional wordpress-theme-twentytwenty_5.7.5+dfsg1-0+deb11u1_all.deb 623514601d20997d43b5054d8bdb9906 2586056 web optional wordpress-theme-twentytwentyone_5.7.5+dfsg1-0+deb11u1_all.deb 38e5b3ec439f49b64a8029783d41c8e1 7779360 web optional wordpress_5.7.5+dfsg1-0+deb11u1_all.deb 170f3a2a7aaa597e27e476ec5bccc845 7530 web optional wordpress_5.7.5+dfsg1-0+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAmHZb54ACgkQAiFmwP88 hOMHqg/+JLW9QU5mMclIRAM4S5NqW4CdoJQ457kw97Vn0TNl6gefip7fxk8GDVLs oh3ZA/SIFGPS0YfPfPSoHMXGXV3KbT630jg6AncpYOUe6P/oF2nzKAjbCj9MrHtA Bich3VnxszSemld0zQJSyCAq3V5vLNdwSkbQdVDeCoMu5OZ6UN+M+SWPsf1KGrAD p40Cp58nuKm5VFxxGDreLIhH4rnaLAe/dqezZQBNFX0tCnMYCCADvKIhLh6GanK9 FflJBj4PzKOlHq8SsgS+uNC4UtL+tT6IncHjci0bnnzjr+KNAklykKJ3HxRafyXt UCxoXc1SmDa9hAjSHA6k166qRz7wFxVCE1HTCx6iQKGUYAw6AlP2lq5tUF5jfk84 oEf0euLNKrUBekAAyJI74psnf2jwc8RnELBzX10gZl/Rn7Sxmvq3+vnbj0IBFAUy kg7y7kViH8udQE+TtShIdB/zxHQDK+FlgvbAdj0TR0cZMYEzkNSxVW+r8JisxbLt 3vzgLyoEL7qIU7j/iK33NV7YBUcps+9kQ/ZdIdDo6kHUnkjIcjcn17tT+OUCK0B2 J/4MBflknrWgWpRdJmgIx8fP6vQdXtnswqUjEqLroaa/x8b0wyKWSAb/FFUroJFd nBeez1qJZ4CARqVzCE6J3vsXnSiy8c8liXJjkNkeWUfv8PZZpkA= =KA1C -----END PGP SIGNATURE-----
--- End Message ---
