Format: 1.8
Date: Mon, 13 Jan 2020 23:24:13 +0100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1.29+dfsg-0+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Sylvain Beucler <b...@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Changes:
 wordpress (4.1.29+dfsg-0+deb8u1) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Security Team.
   * New upstream version 4.1.29+dfsg; fixes CVE-2019-20041:
     wp_kses_bad_protocol in wp-includes/kses.php in WordPress before
     5.3.1 mishandles the HTML5 colon named entity, allowing attackers
     to bypass input sanitization, as demonstrated by the javascript:
     substring.