[SECURITY] [DSA 5279-2] wordpress security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5279-2 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond November 17, 2022 https://www.debian.org/security/faq - - Package: wordpress Debian Bug : 1007005 1018863 1022575 1024249 The wordpress package released in DSA-5279-1 had incorrect dependencies that could not be satisfied in Debian stable: this update corrects the problem. For reference, the original advisory text is provided here again: Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. For the stable distribution (bullseye), this problem has been fixed in version 5.7.8+dfsg1-0+deb11u2. We recommend that you upgrade your wordpress packages. For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wordpress Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmN13KoACgkQEL6Jg/PV nWSnyggAvAS8Crzgp8xW8FvZ20pEz0uXm8oW+5sUR7U+c6vsUPXBa2yT+pLNyCGn Ss9ffvl+IVnfZEHK70PvK61thKS9yhtse0fy25HljMnsBBSzMtjZEwZOHGpERNRW Yf7Cm5ubIlKumKLodGh+Ecun01DRawfG/W4V+sBnDZWGdn9+B9K6q7vYLRDowshi sdJczvrRn2vr88V+LLzbgVDv3M1WcM+dbyEOOtxY29ELuHODgafZNIiMyjxpy3RI iZg5c2uS4RxojN61TxKpD2ewdSRrqAy51SspUSMZIV9l2hQkhMfOm/8x1MLAWVO0 v/PaS8NsyR1P454NCwhRRmNbJ5252w== =hTKc -END PGP SIGNATURE-
[SECURITY] [DSA 5282-1] firefox-esr security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5282-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 16, 2022 https://www.debian.org/security/faq - - Package: firefox-esr CVE ID : CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, spoofing or bypass of the SameSite cookie policy. For the stable distribution (bullseye), these problems have been fixed in version 102.5.0esr-1~deb11u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmN1MS0ACgkQEMKTtsN8 TjbLmBAAvNyETXc0dcwyCQIi/l6KVCLVwzQ8na8zSbrZZGzhebA7WKqeryy8O4f/ 8qv/chi7chHIlSY9aHkw65fDklAIkKomXUi+E58yvuSa1/DyYBGpQMoWrzHE4hAq s+VuZ/FwY/QiNeOXo0q44PuT/cjBY9LEUciJSywEK/YI0fPDG+F1VbaCK0EOvw7Z xi+VxVCkN6UIF7g0Rr3eibTWKgZi/EHrMgtA4UYg5ml6INVo306azZlDtTfZHymp U48OKweMBEWpk0/f6rHmpTuWPWsuzLlpECeBRj4OdJOjmnjprhKJxE4KhHCJkYfV OLBh0SPjIM8k6bgzgXhD3Lc62xE2mqfDHYkIhMtm60r9GZbJzlEht8qeYLtlibfp m+IGx/RJDeuQJTv5jzsXto/lY4zThl/++E/30ecH7ynqj1R3394BAd9rW2O2rWcr Wyas8Wa5Qpt7R+/OULq0OEAflT9m4HY3unflxIvmyTSINjryyKFe5Ns4uWB3E5sD BcnV4hqY/NOkUBVaZEhqmL9bvMvtviwj0eDzJBqVgOUxcy+IiT6aCCC4Dnr/CH3O dv7KHHpexKIIT80/uPNZPv2d5nNZXW5JO4ycD7lrZktjCOmXBHkJ2UJiQ3EiGJF6 POIOInrEikwV7DqY1ix4uKbvl42xrsa7rZUYHWylFOS9gnFcJOk= =5Vwd -END PGP SIGNATURE-