Your message dated Sat, 05 Feb 2022 19:03:55 +0000 with message-id <e1ngqlj-0008gc...@fasolo.debian.org> and subject line Bug#1003243: fixed in wordpress 5.0.15+dfsg1-0+deb10u1 has caused the Debian Bug report #1003243, regarding wordpress: WordPress 5.8.3 Security Release to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1003243: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003243 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: wordpress Version: 5.8.2+dfsg1-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> WordPress have released version 5.8.3 which fixes 4 security bugs. https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/ * An issue with stored XSS through post slugs. CVE-2022-21662 - Stored XSS through authenticated users https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w https://hackerone.com/reports/425342 * An issue with Object injection in some multisite installations. CVE-2022-21663 - Authenticated Object Injection in Multisites https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h https://hackerone.com/reports/541469 * A SQL injection vulnerability in WP_Query. CVE-2022-21661 - WordPress: SQL Injection through WP_Query https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84 https://hackerone.com/reports/1378209 * A SQL injection vulnerability in WP_Meta_Query CVE-2022-21664 - SQL injection due to improper sanitization in WP_Meta_Query https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
--- End Message ---
--- Begin Message ---Source: wordpress Source-Version: 5.0.15+dfsg1-0+deb10u1 Done: Craig Small <csm...@debian.org> We believe that the bug you reported is fixed in the latest version of wordpress, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1003...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Craig Small <csm...@debian.org> (supplier of updated wordpress package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 08 Jan 2022 08:06:09 +1100 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen wordpress-theme-twentyseventeen wordpress-theme-twentysixteen Architecture: source all Version: 5.0.15+dfsg1-0+deb10u1 Distribution: buster-security Urgency: high Maintainer: Craig Small <csm...@debian.org> Changed-By: Craig Small <csm...@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files Closes: 1003243 Changes: wordpress (5.0.15+dfsg1-0+deb10u1) buster-security; urgency=high . * Upstream security release Closes: #1003243 - CVE-2022-21662 - Stored XSS through authenticated users - CVE-2022-21663 - Authenticated Object Injection in Multisites - CVE-2022-21661 - WordPress: SQL Injection through WP_Query - CVE-2022-21664 - SQL injection due to improper sanitization in WP_Meta_Query Checksums-Sha1: 4be07b5016ccd61feaca7b2a42e8e38ca865cee5 2481 wordpress_5.0.15+dfsg1-0+deb10u1.dsc 2551f5d788e3d51943a9fea2e794e41d9de9564c 7866164 wordpress_5.0.15+dfsg1.orig.tar.xz 2e7d90386e2688e20f859fda7b60e708f2424c3b 6819796 wordpress_5.0.15+dfsg1-0+deb10u1.debian.tar.xz 1f0e26c33409ca67b4b015b89cb02771ad3f537e 4386328 wordpress-l10n_5.0.15+dfsg1-0+deb10u1_all.deb 010775300dccc91b6f817c1876be0bfd4b27a495 307288 wordpress-theme-twentynineteen_5.0.15+dfsg1-0+deb10u1_all.deb 9b790ef59e675808a0464e8018908afc6cf999b1 946868 wordpress-theme-twentyseventeen_5.0.15+dfsg1-0+deb10u1_all.deb 82d6e240d5d486e80235562b25d11225fe318db7 594616 wordpress-theme-twentysixteen_5.0.15+dfsg1-0+deb10u1_all.deb 7a343345221c698602f68a69a5f81ab94b8024ae 6026352 wordpress_5.0.15+dfsg1-0+deb10u1_all.deb 099565b86fc4be1c076099c70eb2f20a5a21da53 7368 wordpress_5.0.15+dfsg1-0+deb10u1_amd64.buildinfo Checksums-Sha256: 2ce0de5a66a01d1ef57ea2ba145383a5d6a2cd0d93b8677f876e9deb84530790 2481 wordpress_5.0.15+dfsg1-0+deb10u1.dsc 6c335070975225a4633f7702cf60a1ac3b70a332961695f89f6ec35ccb3c850f 7866164 wordpress_5.0.15+dfsg1.orig.tar.xz b97fd073edd3881234e3102293b0fd9eeb7a4817bbbe9b5aab861962835a2f54 6819796 wordpress_5.0.15+dfsg1-0+deb10u1.debian.tar.xz 25a1e69c2234a7d2c1226a19b9436f5f7f4c148f6b334d0606241143e2133cbb 4386328 wordpress-l10n_5.0.15+dfsg1-0+deb10u1_all.deb ab06a66b041fc21d0826f3c0cfd5c5fca7f6a13ea95d449d0e29a2a90e6b7d2b 307288 wordpress-theme-twentynineteen_5.0.15+dfsg1-0+deb10u1_all.deb ee2d0b2c7ec2cf06b74b77be6f5a70541a582cc4f9441f8d669821e35ae36b4c 946868 wordpress-theme-twentyseventeen_5.0.15+dfsg1-0+deb10u1_all.deb e8b2e30cda17c6f8d6eca9f7a4eb28ffd72b3316a10a3d8e047665f7461ddbef 594616 wordpress-theme-twentysixteen_5.0.15+dfsg1-0+deb10u1_all.deb a6898ea9b9c22443080927a6f273d30ef4853c5df2a0b40ead2c48e30344103f 6026352 wordpress_5.0.15+dfsg1-0+deb10u1_all.deb 9e244e7bf73b6b27cdce58e733f00bf7040f2fa9052fa69725dbef0ed4634818 7368 wordpress_5.0.15+dfsg1-0+deb10u1_amd64.buildinfo Files: dfe467365c10ec5d04bbaabcc85fdf37 2481 web optional wordpress_5.0.15+dfsg1-0+deb10u1.dsc 7fb528fbff054905179551bec4ecd449 7866164 web optional wordpress_5.0.15+dfsg1.orig.tar.xz 2fbc062279b0e72d4714e18c6f492197 6819796 web optional wordpress_5.0.15+dfsg1-0+deb10u1.debian.tar.xz cd525615e31ced9fed4b5d5ac7f49505 4386328 localization optional wordpress-l10n_5.0.15+dfsg1-0+deb10u1_all.deb 671aaa52cd99ca9d796c9aa8c0eb5454 307288 web optional wordpress-theme-twentynineteen_5.0.15+dfsg1-0+deb10u1_all.deb 00ea461317f0e7ae970eca2e5a560371 946868 web optional wordpress-theme-twentyseventeen_5.0.15+dfsg1-0+deb10u1_all.deb 9d499bb6f20df7d9834f4d9751a616a6 594616 web optional wordpress-theme-twentysixteen_5.0.15+dfsg1-0+deb10u1_all.deb c333095821fadf82fedbcd368d765037 6026352 web optional wordpress_5.0.15+dfsg1-0+deb10u1_all.deb 54f93fc701973d5ed38196814c9c591a 7368 web optional wordpress_5.0.15+dfsg1-0+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAmHZbkUACgkQAiFmwP88 hONxQhAAiFRgN/cR1dsg14LS3+FfH2TPUcQH8fq2sXDV7/dQNGTMnMMIroJOKLkE avhXHvHWcl7iBy0Uu65iXoSuODPWtCfR3iknJYwCJ8VcT1f9mKxAIZnVtJAl5fLw SbQwLvq42B/0r1KTYVT8lMTl9L2I5b3NPSuojMNC4i9BIt0UyEBhKMPa5/ipccjD MxoK+91czgAcxTDZTYjmBqC85zW+Drspj0sv4tkFtb4qU8pABzzxTj3H8nvnRrDJ me0Yo/Aw42/l1c+LLr/es9HrMs7Lsph9qLon5VrqlrzTlKL4vusjIegUBm8zdspy BJcL4feWM545kXeFE8aWfbz2h+dY0999zKCOqIC3B6cqyzmbq1SUYSaJsH5jlkB6 WaO9LsCAdkei8U4eCd7iLp42F644HtuRn1sInZ03IipwHFyhWcUCxoIxvfhlUUYQ s63hnK7GOPBlumUJT/6PD22bJL4hDTP7n0AfFoLhnvqDouGGe23pMB2NvfHUF61S QHzpYl8FnXsDWU9C24az+aWIS2Jg+s2OgQTxQmKNyAObq3cggvsQWK0uCOh5sw22 75kH4u56suCwyKmWLpe2W1PKoqnaMoJV7Tu8Nfbw4RPxwLI/0adLytVz4UszfU8B Uy4d9Za/5CK9HS9pXt/qPFdvksA06ZDqBUqMObxXq2xw8OSECjM= =hjcM -----END PGP SIGNATURE-----
--- End Message ---
