Accepted wordpress 5.0.19+dfsg1-0+deb10u1 (source) into oldoldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted wordpress 5.0.19+dfsg1-0+deb10u1 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 20 Jun 2023 22:10:22 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: wordpress_5.0.19+dfsg1-0+deb10u1_source.changes
- Debian-source: wordpress
- Debian-suite: oldoldstable
- Debian-version: 5.0.19+dfsg1-0+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=69EuDvH3S8UkUNmhz6m4/l88qI/B+p1Ayz7W50Hps1Q=; b=fpsRRhv9eMvsx49XfblWfiEtr/ YnaWSvtmpIRenb7fWHbS18xnlulbxlF6WRQakCjshpKeHItaEmEIaFZMcVwzJWCGumnPxvbElyeKn T0bvQuVBEwTnhjVReRp7ZtUgoJQ9XVZBGJdU50isZJAVtirrsnFINH1oOCrktxXRXK8MtKL5BEVNU OPnoq8u/CZYP27gVX5qXY+EM83hyxmnuZ/65s23b9iaQ2Jyq/b3VGfj8w6K27tIJSsEWNvam3HvYx TAQKkEUnoq12KX3VUvPyx7WCGdBxue+196v8taMMDOJpEcBepMnrM8k/ngJDgogJrD4kennWIJObj 7SfPZmAQ==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qBjYM-00BNZ8-92@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 20 Jun 2023 23:38:30 CEST
Source: wordpress
Architecture: source
Version: 5.0.19+dfsg1-0+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
8e834e5378c247ec002273e1428e6466acaee468 2632 wordpress_5.0.19+dfsg1-0+deb10u1.dsc
7429361b9cd1d446bf6abdfa0f0750ff35d7a01b 7895576 wordpress_5.0.19+dfsg1.orig.tar.xz
9b4bc6a344b454bdddecdda75418559a549e9a49 6819976 wordpress_5.0.19+dfsg1-0+deb10u1.debian.tar.xz
c4215935a0b836a359eddcb89cfdaba425f9d4eb 7693 wordpress_5.0.19+dfsg1-0+deb10u1_amd64.buildinfo
Checksums-Sha256:
620ae088e7e520d5f462ec3c36f5b178d7493fd3f97ab5ef40bc62d0144d9004 2632 wordpress_5.0.19+dfsg1-0+deb10u1.dsc
55822f80daf06b2de0dbcb3d9f01148f0d10a543d9af050c4fedfd87d239e9ea 7895576 wordpress_5.0.19+dfsg1.orig.tar.xz
5bea9cc3aeeff0707c5e6f2ada303fbfb941031d9e8cfc79af880ae358c4b560 6819976 wordpress_5.0.19+dfsg1-0+deb10u1.debian.tar.xz
65dcee079e616b19b5aebbe843515e3ed8d18ff3ab376aa269c43ad60c8722f1 7693 wordpress_5.0.19+dfsg1-0+deb10u1_amd64.buildinfo
Changes:
wordpress (5.0.19+dfsg1-0+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2023-2745:
WordPress Core is vulnerable to Directory Traversal via the ‘wp_lang’ parameter.
This allows unauthenticated attackers to access and load arbitrary
translation files. In cases where an attacker is able to upload a crafted
translation file onto the site, such as via an upload form, this could be
also used to perform a Cross-Site Scripting attack.
Files:
ccb456dbf19c80f95e149fe0c488ee39 2632 web optional wordpress_5.0.19+dfsg1-0+deb10u1.dsc
c3b90f2a9fed104118b923547f44adaa 7895576 web optional wordpress_5.0.19+dfsg1.orig.tar.xz
bf00ca4da6449880466c410eb1cef458 6819976 web optional wordpress_5.0.19+dfsg1-0+deb10u1.debian.tar.xz
d3cd04331d5e0891f61cbb227f81fa8e 7693 web optional wordpress_5.0.19+dfsg1-0+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmSSH9hfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkc1wP/00mCI5iewEUKDRe2TAeVbH3vfaPcM8T5jB5
bNlRwS3skrF2s4PlkCRfSPqCrRci2sDXatsudBLRDzOFZAWcdIomtckZ/g2M1M9C
VdomJRbDwbsGPIZ3gjZDXC7fM/BSOF+dFwHubW4FtZ9xYRPXWXlzvFiousZTocHf
UQC+Om1+qI2ByMxFELU2A5KvbMtrrGa/iMY3le13CSOrULBSFeQ2/r5PrNpNQUQh
7ZQP0+MSLHnARR4zK3f3UuJrH/TM0WzmpXvlsJ77uefZAHBFrfO/6SV3OOOAkcyD
8O+spYeE+LWt1QFCFAiduNHPU2bIWyK6o3IMaKAfPMh8lvaOGtE7ReTL1pQxbEWS
MVYvXSbNMna70Rp7PzGyFmgm/OaYbTPI5CS/aqu6W3zhDSlxla1st2V5/QLxz+R7
GFv0AGotNzCRdkPJgyxWh9vGxuzNQKF4DvgkzXHcIWzsXuptw36dN0OINJfQCIu8
DUrqoR6oHwLyZn5iRYy1e42gBulQyfffJEGUZYEa9Qjc9aoBOvgLbMbMAme70jA8
VnxswZ1trh4rmThy+3JxuvU5+yflLcVQBhKdbxnqMI9ACbKnj7GxE/bNzYTJnn8Q
BoFi+qD0kPjkE0Ll/uUsWl8YhiJAm4l2b79xxp7CAnkH9VIEKcEtwcPhxfl9sbhT
s4E/hLXj
=FgP8
-----END PGP SIGNATURE-----