Accepted wordpress 5.7.8+dfsg1-0+deb11u1 (source all) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted wordpress 5.7.8+dfsg1-0+deb11u1 (source all) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 19 Nov 2022 19:49:17 +0000
- Debian: DAK
- Debian-architecture: source all
- Debian-archive-action: accept
- Debian-changes: wordpress_5.7.8+dfsg1-0+deb11u1_amd64.changes
- Debian-source: wordpress
- Debian-suite: proposed-updates
- Debian-version: 5.7.8+dfsg1-0+deb11u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=NtA3awU86sesUkBjv1GNRYhZEHFF6NBqalzXKsS6oCs=; b=CLLxGHR0M9fp4z/E7NwN9uwf4/ hq84DJyUGyqfGaw5MVOk8bPPytqcw32lXXW5isagiICuahSDq7gr4SiJzsP2sp4I0MM4OYk1nURll vOZ6BlQJVzKcMP+U8bkJgPbJ4OL534Q6PMT9iwOTD9xeBXTb0kChJXYzTfsxD2j/YZ7IzvzOgL+tI HQzw0A/ChsOVVA0pGqvpVhApExODu+3/psJqzk0j/ZjdrVRAk9BJ0jTq64Hi17QVJSILFwBmc7Cs8 gc2XmCFGl9A+npKZ0/HMiqYYJGXyWdSQFInh20EPfEgsKWQbdlTRaoOioUPgIQDWC5wpMThQ+gTx9 plXg7kQw==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1owTq1-005QnZ-D3@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 24 Oct 2022 21:17:07 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen wordpress-theme-twentytwenty wordpress-theme-twentytwentyone
Architecture: source all
Version: 5.7.8+dfsg1-0+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files
wordpress-theme-twentytwenty - weblog manager - twentytwenty theme files
wordpress-theme-twentytwentyone - weblog manager - twentytwentyone theme files
Closes: 1007005 1018863 1022575
Changes:
wordpress (5.7.8+dfsg1-0+deb11u1) bullseye-security; urgency=high
.
* WordPress 5.7.6 backport of patches from 5.9.2 Closes: #1007005
* WordPress 5.7.7 backport of patches from 6.0.2 Closes: #1018863
- Possible link SQL injection within the Link API
- XSS in Plugins screen
- Output escaping issue within the_meta()
* Wordpress 5.7.8 backport of patches from 6.0.3 Closes: #1022575
- Stored XSS via wp-mail.php (post by email)
- Open redirect in `wp_nonce_ays`
- Sender’s email address is exposed in wp-mail.php
- Media Library – Reflected XSS via SQLi
- CSRF in wp-trackback.php
- Stored XSS via the Customizer
- Stored XSS in WordPress Core via Comment Editing
- Data exposure via the REST Terms/Tags Endpoint
- Content from multipart emails leaked
- SQL Injection due to improper sanitization in `WP_Date_Query`
- RSS Widget: Stored XSS issue
- Stored XSS in the search block
- Feature Image Block: XSS issue
- RSS Block: Stored XSS issue
- Fix widget block XSS
Checksums-Sha1:
8a24c12fa6495971f13d0cc95b9137b1bf4a0fe0 2424 wordpress_5.7.8+dfsg1-0+deb11u1.dsc
2ef14f4d9ba1add1470bf544bb4d3c337303507c 11490472 wordpress_5.7.8+dfsg1.orig.tar.xz
9fd8204a5d726128191afbe9a9d6ef3c9c3e7527 6825640 wordpress_5.7.8+dfsg1-0+deb11u1.debian.tar.xz
764bf5625a15718a85209f2b20ecccb9d50cc559 4367604 wordpress-l10n_5.7.8+dfsg1-0+deb11u1_all.deb
88f80629fc0007584cae2797e282a811b747e049 484420 wordpress-theme-twentynineteen_5.7.8+dfsg1-0+deb11u1_all.deb
65c4208bb78cf4802f7a1744a98ee4d5496072f1 756868 wordpress-theme-twentytwenty_5.7.8+dfsg1-0+deb11u1_all.deb
306e315caebf2fbe130d71ac08692d62405c898b 2569952 wordpress-theme-twentytwentyone_5.7.8+dfsg1-0+deb11u1_all.deb
6e850ae3fad326bd9c7f17bafa3ecec46bd60ef2 7769372 wordpress_5.7.8+dfsg1-0+deb11u1_all.deb
a44832de41f96d07db981b26d2f06c4add8b9d25 7926 wordpress_5.7.8+dfsg1-0+deb11u1_amd64.buildinfo
Checksums-Sha256:
d2db41ab0fc0362b0356ae117eccf23275439f81b2d19883569cacce2f286bc8 2424 wordpress_5.7.8+dfsg1-0+deb11u1.dsc
e9ff53bf3935963acfa14b02ad79b98340251e8fa2286e84353ad2fa6b4e982c 11490472 wordpress_5.7.8+dfsg1.orig.tar.xz
71e519b00c0938703a9734a8e59ed399d66adff7781e17ed6ade11d29a0c7f32 6825640 wordpress_5.7.8+dfsg1-0+deb11u1.debian.tar.xz
f0bb012e0c091db3a8eaacb2541577f95d6feaec756d19add00430c486fd1aaa 4367604 wordpress-l10n_5.7.8+dfsg1-0+deb11u1_all.deb
a58eeb86e4dae4655c055c58851f57b520e11c24dedaece3bfec7ff325358f75 484420 wordpress-theme-twentynineteen_5.7.8+dfsg1-0+deb11u1_all.deb
6cea0c7cf2a8fa30e4bfa303ac6a6738bd6a15bb1c324f722a50699a2f5bfa5a 756868 wordpress-theme-twentytwenty_5.7.8+dfsg1-0+deb11u1_all.deb
3c8a544c36c1f21b697b409e81868f072c657f3bb04f95198bd482ad68233e63 2569952 wordpress-theme-twentytwentyone_5.7.8+dfsg1-0+deb11u1_all.deb
0edc246e2baf8de67ed1b257ac4ce3ff31860ccc1344dd1bbb038441d0ce9149 7769372 wordpress_5.7.8+dfsg1-0+deb11u1_all.deb
7bbf13f2223e62feaa0653a43374895b474526d95265ef6a230c08a1143c4d54 7926 wordpress_5.7.8+dfsg1-0+deb11u1_amd64.buildinfo
Files:
2c0cb2965005d7400f3edcb36a77fa99 2424 web optional wordpress_5.7.8+dfsg1-0+deb11u1.dsc
23282d7c572ae13f0f02bca67d57abd0 11490472 web optional wordpress_5.7.8+dfsg1.orig.tar.xz
f2954f5d8ea4a0fc4e4ab57df6340eb0 6825640 web optional wordpress_5.7.8+dfsg1-0+deb11u1.debian.tar.xz
3db6b2ed409ccd1c5e069bc8c76d302c 4367604 localization optional wordpress-l10n_5.7.8+dfsg1-0+deb11u1_all.deb
e559c330d5c4b80c6100f14551e4fd3a 484420 web optional wordpress-theme-twentynineteen_5.7.8+dfsg1-0+deb11u1_all.deb
fc53adb8bda2803071c325a7d131667d 756868 web optional wordpress-theme-twentytwenty_5.7.8+dfsg1-0+deb11u1_all.deb
8dcd1e7efcc05c386706283c4ec15157 2569952 web optional wordpress-theme-twentytwentyone_5.7.8+dfsg1-0+deb11u1_all.deb
22d9bf63da45ea6962e98fbe1d7e9881 7769372 web optional wordpress_5.7.8+dfsg1-0+deb11u1_all.deb
1edcab5865898b7ef8da3f39989779de 7926 web optional wordpress_5.7.8+dfsg1-0+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAmNzZWcACgkQAiFmwP88
hOOqzg//cKMlv+/XWIFRslMlbE9mEvCx440g1t85dJwQssVgPRAGzhLl1k+GsB+W
G87YdMDwkaTNNpK3w2nPqolRAGYzkcu71ZELWO4MoyocS3+Xt4dEPmjcReheQklQ
DN8ukTn0c9nEDu9gwcs6FXlMUu24fhxhaT8Mn5QCGwPWWLwh7lqgNSs06aP4nfJh
EuGoUgLKA0zk8fTG6Iwgos3gPTSagxI5mlrmIziBTTyb56JD3biOSJk6CpTCxshM
PMUwoPoVrg8GI+cLAhjDngwbjQo5MItge10QcStEibD/rKEaVM1a9D6h+I/8s3bE
W+JKapWsIzA7GlVj6z/wbXyIDOfFT5iOmps83ZZdVRHxzAl5fxkxG7zmcsAKTJep
WCccjTvzZsn+2o2GXtnmYLNBjcsxdD/uNnNOxRgWqFsYsrbjakQjoTAz+YZJ02Ge
FoSzc0S21up/59Bjwv2aMArDFaCVVnnuuva0TrMsEbEbjj0lfCWHDPlwKDQ1Ddz9
C+bApvEvjvz7kQ1BqIKCY7TtdAVY20Cg9/hdAbr0IEDwq5lGXi32NmPgsrHzndxw
qVw3jC8ptKABl8hrmWwkIpkRL3asQNcwRNFV0QnaRQT9fS9z7AHIaoSN6Jr3/CPj
Y4mS/H+rSWsqjz22f6H6SUoc8JqkrmOS0tLzjdE+z1G7IaqRW14=
=LC2P
-----END PGP SIGNATURE-----