Accepted wordpress 6.0.3+dfsg1-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted wordpress 6.0.3+dfsg1-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 24 Oct 2022 10:36:55 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: wordpress_6.0.3+dfsg1-1_source.changes
- Debian-source: wordpress
- Debian-suite: unstable
- Debian-version: 6.0.3+dfsg1-1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=GetrYb4/JP7V2qnSyQL12EC6kfbgXgNFvxY2XDx9N9I=; b=UTw0gXoNux46NK6UnnxOvq3WXE FCt4csTJ1YPbn9FLzY+Rlptl44UtXwBJV3AWG629MCF3QSxV6MVqEP9iPyAyZdj/KqzSrjOJ7xAbS /7HfFZQhRAjaBtNuVgMGbWpCVjvSMs8raUDLh/ZLR+ty2OrvP5y8/Jdq/ugPyHe3vq3FraqdhErpj WfzChAsDYCP01As2PH+u+qVgQ/JrqSEhKlgoD+8WAZxojN+vPW40YO2AUmSa4fcSExpElMbipmiEl LFzBYm0QV4Q/IuhVMC91h1gnyYgB1omowETuXTF8TASVQ2MwAGL447twTMLhcY4CKQrTXgY49qFac LInU+XdQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1omupD-003rXo-Mx@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 24 Oct 2022 21:10:11 +1100
Source: wordpress
Architecture: source
Version: 6.0.3+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Closes: 1022575
Changes:
wordpress (6.0.3+dfsg1-1) unstable; urgency=high
.
* New security release Closes: #1022575
- Stored XSS via wp-mail.php (post by email)
- Open redirect in `wp_nonce_ays`
- Sender’s email address is exposed in wp-mail.php
- Media Library – Reflected XSS via SQLi
- CSRF in wp-trackback.php
- Stored XSS via the Customizer
- Revert shared user instances introduced in 50790
- Stored XSS in WordPress Core via Comment Editing
- Data exposure via the REST Terms/Tags Endpoint
- Content from multipart emails leaked
- SQL Injection due to improper sanitization in `WP_Date_Query`
- RSS Widget: Stored XSS issue
- Stored XSS in the search block
- Feature Image Block: XSS issue
- RSS Block: Stored XSS issue
- Fix widget block XSS
Checksums-Sha1:
6e3033625b985932e381f0870c7063a937666fa5 2394 wordpress_6.0.3+dfsg1-1.dsc
c6ff2a7cf5f42f559f251eb81b022d08d50dcd3b 15482868 wordpress_6.0.3+dfsg1.orig.tar.xz
3504f9040003a78162bb39d74016edcd48a4674c 6825356 wordpress_6.0.3+dfsg1-1.debian.tar.xz
9ff0284030824a60dbf793fa28b3b4114cb89234 7781 wordpress_6.0.3+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
d4c403fda1a7396d2a8350afb37e8326df8e61b27846ac092478dd451b1a39ca 2394 wordpress_6.0.3+dfsg1-1.dsc
5f10b256f9072d35a4cb241a804610026d804d5bb448fcd99590d63cce03dd7a 15482868 wordpress_6.0.3+dfsg1.orig.tar.xz
b322f85cb4bf966da6398507abe3f5da069d7441eae153ee5395a9a421cb1c32 6825356 wordpress_6.0.3+dfsg1-1.debian.tar.xz
81987f14a8c77a6a679a28d475d42ca3af52bb72b07783d8081d15955060c2a4 7781 wordpress_6.0.3+dfsg1-1_amd64.buildinfo
Files:
2f158f9757c884dd81a2db45bbf3610c 2394 web optional wordpress_6.0.3+dfsg1-1.dsc
ec603996838c8011c6f726bc5662890b 15482868 web optional wordpress_6.0.3+dfsg1.orig.tar.xz
6bb40bf7793df5550a9a2a723e633e68 6825356 web optional wordpress_6.0.3+dfsg1-1.debian.tar.xz
a89336dae10033593f0b01e5713d6f7c 7781 web optional wordpress_6.0.3+dfsg1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAmNWZVQACgkQAiFmwP88
hOOKcxAAoUSklfkAAH3MSA5aHR+sQPzL9AENK4CAjIs3fm+mzlmHwM7xH7+XyFQq
JRdaASddiTD2gsAoDKHvSIu7ScQcK+CvG1342FX/vgs7tJkyWBCdDnWvPHfQaTW6
DcdWOADtZDca60qowQDJOrTsINr7/Mwi6pEOnSRPP42pZ2kJufCQu3lptyjdEvYZ
H74tuHxzZc4kkuSgsy6dTGq0D8PQYtf1UMrW871PxqKtl9oMBVA2yLrf0cxqr53C
26udn5U3nvKtkgfWzITC9a6n3DIROc0wuotKpmsnedunCslRoY+KaPfmSNDjN8hn
AebwlkWQ+rcTBPSDePT27ljFcBLIakAXoqB9YnIUhh+X7nl6Cik3lO9mGuG2E3Hc
tojVzVrJX3RYecfi3JzZY/N0B/s951EYg3+isxCBz4aTJ8v+ZlIB3iiFIDQlinGH
rwBa2TGLyXIOKtuZ1dorOD/0uZmZzNw+NMlaVJ/7mUax1AHlQyDqhDyvncE9qbZj
V6NwZm4WE4HsBlgsxLMn2T2Cz+Tu0NQhiRhPliF1lVqCv7gAQ86utqf7fIKt+Kv3
MZec3XsDXSlkKSX2ngL89Mn2fKxOM0+68VMYvHXasi8PYe7K3rSnK8K9QWLqNdF8
nYsiLxUOipKgAzAxxKMTWk3HPpamRfyAC1AIopps+TFwc7huCjI=
=dEFt
-----END PGP SIGNATURE-----