Format: 1.8
Date: Thu, 28 Feb 2019 20:25:00 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen
Architecture: source all
Version: 4.7.5+dfsg-2+deb9u5
Distribution: stretch-security
Urgency: medium
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Craig Small <csm...@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 916403
Changes:
 wordpress (4.7.5+dfsg-2+deb9u5) stretch-security; urgency=medium
 .
   * Backport security patches from wordpress 5.0.1 Closes: #916403
     - CVE-2018-20147 Delete files through altered meta data
     - CVE-2018-20152 Create posts of unauthorized post types
     - CVE-2018-20148 PHP object injection through crafted meta data
     - CVE-2018-20153 Edit other users comments, leading to XSS
     - CVE-2018-20150 XSS in plugins through crafted URL inputs
     - CVE-2018-20151 User activation screen visible to search engines
     - CVE-2018-20149 Bypass MIME verification causing XSS
     - CVE-2019-8942 Remote Code Execution (RCE) in uploaded image files