[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted wordpress 5.0.4+dfsg1-1+deb10u1 (source all) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 27 Dec 2019 15:26:33 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen wordpress-theme-twentyseventeen wordpress-theme-twentysixteen
Architecture: source all
Version: 5.0.4+dfsg1-1+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 939543 942459 946905
Changes:
 wordpress (5.0.4+dfsg1-1+deb10u1) buster-security; urgency=medium
 .
   * Backport of the 5.3.1 security release Closes: #946905
     - CVE-2019-20043
       an unprivileged user could make a post sticky via the REST API.
     - CVE-2019-20042
       cross-site scripting (XSS) could be stored in well-crafted links
     - CVE-2019-20041
       hardening wp_kses_bad_protocol() to ensure that it is aware
       of the named colon attribute.
     - CVE-2019-16780 and CVE-2019-16781
       stored XSS vulnerability using block editor content.
   * Backport of the 5.2.4 security release Closes: #942459
      - CVE-2019-17674
        Stored XSS in the Customizer
      - CVE-2019-17671
        Viewing unauthenticated posts
      - CVE-2019-17672
        Stored XSS to inject javascript into style tags
      - CVE-2019-17673
        Poisoning JSON GET requests
      - CVE-2019-17669
        SSRF in URL vaidation
      - CVE-2019-17675
        Referer validation in admin screens
    * Backport of 5.2.3 security release, Closes: #939543
      - CVE-2019-16223
        XSS in post previews
      - CVE-2019-16218
        XSS in stored comments
      - CVE-2019-16220
        Open redirect due to validation and sanitization
      - CVE-2019-16217
        XSS in media uploads
      - CVE-2019-16219
        XSS in shortcode previews
      - CVE-2019-16221
        XSS in dashboard
      - CVE-2019-16222
        XSS in URL sanitization
Checksums-Sha1:
 1680e199b4be6c6cacb81497152b638c215c8bed 2474 wordpress_5.0.4+dfsg1-1+deb10u1.dsc
 c2f13e9747708167a7445848032220e21aa7400b 7841492 wordpress_5.0.4+dfsg1.orig.tar.xz
 81ef210ed2f5078cb78e2aff276b33c9a2c46c96 6855228 wordpress_5.0.4+dfsg1-1+deb10u1.debian.tar.xz
 b6cc3409c5ab3034e0fb5be02e655d8dfe6c35a4 4384400 wordpress-l10n_5.0.4+dfsg1-1+deb10u1_all.deb
 34bdd5fb049aeec2641470f70e2efa89273b7df6 306440 wordpress-theme-twentynineteen_5.0.4+dfsg1-1+deb10u1_all.deb
 28c990d014762584c0c484538f62a9f87b8033ec 946000 wordpress-theme-twentyseventeen_5.0.4+dfsg1-1+deb10u1_all.deb
 c3bff7bc4cd576fddbadf127e2f2d9b3b96fba5d 593688 wordpress-theme-twentysixteen_5.0.4+dfsg1-1+deb10u1_all.deb
 73b5ac679a6e3e1e61fcceb87fe9e4e242f5a939 5999780 wordpress_5.0.4+dfsg1-1+deb10u1_all.deb
 b8f192af92b57ed19610629123e1fdb35ed453cd 7315 wordpress_5.0.4+dfsg1-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
 550595b367db12a9e96391f3c2eb99af819772154b51a81b49a023c3d724112c 2474 wordpress_5.0.4+dfsg1-1+deb10u1.dsc
 0887eb0a3d0c6b2a7402d6c036b093bacc902b286b3555301c3c4a0d2e5acc7e 7841492 wordpress_5.0.4+dfsg1.orig.tar.xz
 d68835e139d472b5f9ad26c04b00da2e7e1fc13fc6f07cff1153c81c3350e801 6855228 wordpress_5.0.4+dfsg1-1+deb10u1.debian.tar.xz
 7a43198caa2035c9140d050a31382c21625959df416bd5bc4eaa285fdc7790f0 4384400 wordpress-l10n_5.0.4+dfsg1-1+deb10u1_all.deb
 bbc3cb504db6060ef6fe3ef50694ef7fb0db1cb82a5f89f515f59fa704b6165f 306440 wordpress-theme-twentynineteen_5.0.4+dfsg1-1+deb10u1_all.deb
 f04a95781814235213e1c859c0e41e9a2e672f9d8ba6f301adb11e3257b23351 946000 wordpress-theme-twentyseventeen_5.0.4+dfsg1-1+deb10u1_all.deb
 b29f45945f7ad9940e9b99af91be1366f8f4b532c025cdfa4a422b7a521b492b 593688 wordpress-theme-twentysixteen_5.0.4+dfsg1-1+deb10u1_all.deb
 d9ea6c7280e2f3449989e60b96c31443bcfcaa4c2a7f31401fdd2c5c39a813c2 5999780 wordpress_5.0.4+dfsg1-1+deb10u1_all.deb
 b489a9f753846dd06ef2be6105b9705d5da6865dca72246c40ebeb974ddf1b30 7315 wordpress_5.0.4+dfsg1-1+deb10u1_amd64.buildinfo
Files:
 168462625aef3cd06d227b22e50b009b 2474 web optional wordpress_5.0.4+dfsg1-1+deb10u1.dsc
 8213279cb75bd9fc7712853aed80458b 7841492 web optional wordpress_5.0.4+dfsg1.orig.tar.xz
 f5c3efa04752a1bb548df3f6500f8df3 6855228 web optional wordpress_5.0.4+dfsg1-1+deb10u1.debian.tar.xz
 d33b93145c8de60fccbbcd09b3f48b0f 4384400 localization optional wordpress-l10n_5.0.4+dfsg1-1+deb10u1_all.deb
 b17a090279bb57798c8f4bb0afc48e30 306440 web optional wordpress-theme-twentynineteen_5.0.4+dfsg1-1+deb10u1_all.deb
 6748a1852da4895a638b2eb59f3362a9 946000 web optional wordpress-theme-twentyseventeen_5.0.4+dfsg1-1+deb10u1_all.deb
 e1752ab4754e6260dc1ed8306422a2fb 593688 web optional wordpress-theme-twentysixteen_5.0.4+dfsg1-1+deb10u1_all.deb
 c4725e3043e9d6ff59b1a897d93903fa 5999780 web optional wordpress_5.0.4+dfsg1-1+deb10u1_all.deb
 e54911005ad60dcfabf6293ae41ec69e 7315 web optional wordpress_5.0.4+dfsg1-1+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAl4RTU4ACgkQAiFmwP88
hOM4Gg/+Mx+IP9rwvQVUvNQpIVjJdP9u70RRJx0IT1EmekCccu7H4IUysDAOdmNX
bfq/iU38pMujlKahXWeu60yE5glBwArpU+AZiy0zXuR2RN8M7wvrmPyl1J1wQuam
8xoHliuIaldzaZmkUYOYqxPPvIJXT8VEpYnGInI7w1BFcXVan2eY0UCTO9jeDcE8
7SV0n2FSMevLH1J5ow3yoABY/tmHT3rhTKFcUCaY5lQB9UmEsdGhK06u8QwLEsce
yuEqYbzjGNcJz3DRkNQNgqRxpjELOw1WcwbFXgmkPFEkuTgPIwmdcQFYl8uXCkTl
NGGa1DcYIs8ed4RWot7jvJ6YPVOadQmNYT8L76KUFAk37VK/wUdgWgoPyLhQ4fNE
+a1Zng9XwcnvsDJPnU4kwYvFb/pzAzkinOz9S6xO4MC/78WASO9z8As8kBHOA+iv
c6xKrc0NLXKddmvn1DQSF9rtA/tVtcXs9EXpjCS/Zq2GcTQLGBZIFRuxhk3Vydxz
GBF4VLgPaOuz5LBAQ5i6x293JHbvaiNqFuBe0wTzE+gim+ftY1J0xirHhL44Fbfw
PgCECryLHLheB622CFgDDLLUHMZJuCabwzthe5cSuFKDf4uLWnWvAV8/cfGDNvA4
Q5jhuo7wBzPGHcu9bdNbsMy0AIjWGoVAX53T2fkSQv7tBPjsBU4=
=plxk
-----END PGP SIGNATURE-----


Reply to: