-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 16 Dec 2018 10:45:32 +1100 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyseventeen wordpress-theme-twentynineteen Architecture: source all Version: 5.0.1+dfsg1-1 Distribution: unstable Urgency: high Maintainer: Craig Small <csm...@debian.org> Changed-By: Craig Small <csm...@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files Closes: 916403 Changes: wordpress (5.0.1+dfsg1-1) unstable; urgency=high . * New upstream source. fixes 7 Security issues Closes: #916403 - CVE-2018-20147 Delete files through altered meta data - CVE-2018-20152 Create posts of unauthorized post types - CVE-2018-20148 PHP object injection through crafted meta data - CVE-2018-20153 Edit other users comments, leading to XSS - CVE-2018-20150 XSS in plugins through crafted URL inputs - CVE-2018-20151 User activation screen visible to search engines - CVE-2018-20149 Bypass MIME verification causing XSS * Themes: Remove twentyfifteen, add twentynineteen and make default * Remove remote emojis Checksums-Sha1: ae9d2317c4dd04e09c87cb31b7e44b4471600222 2435 wordpress_5.0.1+dfsg1-1.dsc 83622d0ea85c9bd5170c0decfb5f106ae6abd409 7835368 wordpress_5.0.1+dfsg1.orig.tar.xz 92e436c5e5cee27f4e5dea396587f4517bd189d8 6817480 wordpress_5.0.1+dfsg1-1.debian.tar.xz 82366286dcceda252c339fd9e87bef9249d2c3a3 4383756 wordpress-l10n_5.0.1+dfsg1-1_all.deb 7fa277e8207a34c7d891c5227a8edf14bcb6e7f2 305372 wordpress-theme-twentynineteen_5.0.1+dfsg1-1_all.deb 87471deac654d63f841de391158bb715abe9c5da 945008 wordpress-theme-twentyseventeen_5.0.1+dfsg1-1_all.deb d87543a17b53ee26a4cedb2eaa5777ca6e0614cc 593000 wordpress-theme-twentysixteen_5.0.1+dfsg1-1_all.deb 82ab6a6f494edfffa6c77e9dd9dddbe668629381 5994928 wordpress_5.0.1+dfsg1-1_all.deb 2400b27c538189cdeba919373fbc00236b8271d0 7219 wordpress_5.0.1+dfsg1-1_amd64.buildinfo Checksums-Sha256: b897c69e10f63270695d079c84fa6a592a425dc0b926b0f20a4e99877a2cae26 2435 wordpress_5.0.1+dfsg1-1.dsc d05557f8bb374f5ac6bfa2ecd9682862ac7ae3753d6ab246feecccf2c994e8c3 7835368 wordpress_5.0.1+dfsg1.orig.tar.xz f1c4551357d0d58b9b79ccfc5e196425dfd896a43864805fcd4093fc486f3fc2 6817480 wordpress_5.0.1+dfsg1-1.debian.tar.xz 0f633c61cb6259a3da29fb6c5134f4e20a3cffc13c62a4d8295eb14e63d24479 4383756 wordpress-l10n_5.0.1+dfsg1-1_all.deb 51673d4fe6b47edb367d5c56cb173e40aba09ac5538cefcc0968dae2ef9a913c 305372 wordpress-theme-twentynineteen_5.0.1+dfsg1-1_all.deb 6723cd855fcfa36cb511a1716e6556b3a42ee1dec491132fa8a8eadc7366de0b 945008 wordpress-theme-twentyseventeen_5.0.1+dfsg1-1_all.deb 8ab8b7eb104f95bbe727e45f573ab10c1ee85a52004347cfa678332ccab175be 593000 wordpress-theme-twentysixteen_5.0.1+dfsg1-1_all.deb 933363d13a5fcc4b485a302c40c1dd9b74c2f9d65a5cf43a619f41f8212f5522 5994928 wordpress_5.0.1+dfsg1-1_all.deb d0e7d4e13b35f3416fdc066974d697b2e018e1a93e9f15862868a9300eda4407 7219 wordpress_5.0.1+dfsg1-1_amd64.buildinfo Files: 95f15a90e70b8b96981b067a146c73ad 2435 web optional wordpress_5.0.1+dfsg1-1.dsc 847eeb7cce6ed842ba1b3acf3cbe77bb 7835368 web optional wordpress_5.0.1+dfsg1.orig.tar.xz f398ce1f3903c0b4fa944b2a4bcf4907 6817480 web optional wordpress_5.0.1+dfsg1-1.debian.tar.xz 939f2414a7295e98ffcc4fcdb1ada8eb 4383756 localization optional wordpress-l10n_5.0.1+dfsg1-1_all.deb 6265d0cdf898ddffac8eeb665f32a224 305372 web optional wordpress-theme-twentynineteen_5.0.1+dfsg1-1_all.deb cd02538b2644ccdf191facf6ba6df510 945008 web optional wordpress-theme-twentyseventeen_5.0.1+dfsg1-1_all.deb 4b9248376c6048f7e955915ae045211a 593000 web optional wordpress-theme-twentysixteen_5.0.1+dfsg1-1_all.deb 54024224ba3e9d74ed7d7ca0333746a0 5994928 web optional wordpress_5.0.1+dfsg1-1_all.deb ed48c242a25ed23a1cf1df5594a3b580 7219 web optional wordpress_5.0.1+dfsg1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAlwVk6MACgkQAiFmwP88 hON9VhAAhkAV/rxIDJlFcvx81MQsphFqMAl2t9Fvn24bQu/uS0IZKSHK81UC7J04 emj1Ta5ukNETASdfgVqx7t+tyB5PoLOVgclu5P8c9gLyBNuRFX46oBaQD5rIhrJ/ 0yMt//xr0ORVZEUIKWEe5aa0ne16oTfjxOQnAA1UdA61kdxkmFu80wcsvyc821xt DbSCpVR2ZeOc+JpWKWsUJ+avw0tFkHrLLeE2wXfIyNXynja7lQuG4QIDw8zVL/as bSf21JC3mTXtmrGHMCE/jqkOdyNfBDcrRe89RV8IEC8rBZgjrEP3okxdAdtXvxeY lufrHH1jwsaTKySwmGzSt+IirDzkTVfl0+cEmAmKZ17guSjPaw8W6m8xT4LDZb97 z5g0Pb882bSx7+pkkKJKRmTA4OaTh6keRwPntoObtro3nr3zJOpFz3XbI3AkVOx5 dbdKubfctzc9kL1Ixul33cPSz8+pySLJTtxrxTHTRvsP8wZqeqtpL6nlMvH6B10Q Yqpal/7rwL8LH0wai84RtlNESQnZ8f/N5/dUOzY5oFWHfjRlfsB9Q7K9bwrkUKNN UBSENtUygF+Gb65RbFQPmtu26i7l8yCgAabrMM5DUPqba5yR0R3gbtc2UcbEvKdu 5zel85uU3ItE0xsKEzPJaTFaohmbI8eAyGAs3ry875pJDdxMmeI= =8hGf -----END PGP SIGNATURE-----