Accepted wordpress 5.0.4+dfsg1-1+deb10u2 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 02 May 2020 14:29:22 +1000
Source: wordpress
Architecture: source
Version: 5.0.4+dfsg1-1+deb10u2
Distribution: buster-security
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Closes: 959391
Changes:
wordpress (5.0.4+dfsg1-1+deb10u2) buster-security; urgency=medium
.
* Import of 5.4.1/5.0.9 security release Closes: #959391
- CVE-2020-11025
XSS vulnerability in the navigation section of Customizer allows
JavaScript code to be executed.
- CVE-2020-11026
uploaded files to Media section to lead to script execution
- CVE-2020-11027
Password reset link does not expire
- CVE-2020-11028
Private posts can be found through searching by date
- CVE-2020-11029
XSS in stats() method in class-wp-object-cache
- CVE-2020-11030
Special payload can execute scripts in block editor
Checksums-Sha1:
e4ef6d74ac410d3027b17572d4c19531ed05c6fc 2474 wordpress_5.0.4+dfsg1-1+deb10u2.dsc
bd25181ce9c431e2c766889647333819d3fb404a 6857584 wordpress_5.0.4+dfsg1-1+deb10u2.debian.tar.xz
ac6d357ad439dace5ba0e9e17c6ac16f220f91da 7315 wordpress_5.0.4+dfsg1-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
b5fc29bf23b095efb9f9928c657009600871b5052d6ff2fa345bc551c82b9a96 2474 wordpress_5.0.4+dfsg1-1+deb10u2.dsc
d64b5539595519f9b8b7e17de16424db4c0cc40f56b79fb3e4904189645064c6 6857584 wordpress_5.0.4+dfsg1-1+deb10u2.debian.tar.xz
c155adff0b95bc48a681dff1fa8e7bba659f09992f65b69d23ae8715b4856f6f 7315 wordpress_5.0.4+dfsg1-1+deb10u2_amd64.buildinfo
Files:
2a42745663ec1537592ec22c6a065f2a 2474 web optional wordpress_5.0.4+dfsg1-1+deb10u2.dsc
92e5f79bfdf214ac44165419cb9ddbc5 6857584 web optional wordpress_5.0.4+dfsg1-1+deb10u2.debian.tar.xz
d6cdd9946482be14dd47131f15e8d7a1 7315 web optional wordpress_5.0.4+dfsg1-1+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAl6wnLUACgkQAiFmwP88
hOPuDA/+N07Pff9iNRvpez+PfyCdFyJI2MBl+ZvVqbLlsDUOjmYHFQ8jXlHVH2a+
KhI0FI+dHvBmmrEUDFpfjevaAVY2dXZfd3J3OaL2CF+5v0KaNq5RMi6+mxph/Bf3
llv5TpYVBqIQIGsGZTt0H1r1BA6uQZnbStJGRjtWfpnKjunnmso2qlCuXt86bm/X
6gaMSAYNoo1yiFEl1cKu+LebfyxQ+ri4F+uqTyCnMPt5dX6BEA+vKfMeUonNfuDn
8FIyBAswSjTjQ11Ye2fZiroNWsIz75AfFVEdmAoTcd1UvNZ6ZmX1NuwWkGr7MSFK
gnJwS8PZO8ithOXRrKxtFY42wLyb/dwHcHbGdeHMnIXiYf8LD4TXkh78Usa1TdCh
whvq5toTCqEk3hW2H7XUWNOJ5t4Py1nb6QlcmGlfdNoxJ5hxPB+u2hS8mVNr+iGZ
GzQFBpz/CO8YsFHziKwUx8F8JWCRYuWnqgWgz4thjiQVxhGwIcQRkrJ+0kKTNh/c
d1LW+5svoq+/GjS75sMVkmJqc7svbBVOEg90bIAQC31haH02UbtmmO+Mraa0fhIP
+DH9LFWyeiFkN4KyLVNE5zN/7MNVyjbtNkgg3jZ7beUsvnq0+pOtI4pm9dF9Tp3k
GuA9Fx0h1DXpszFfFNPdBT2BbEiiu9bJ7NryE0tPPsSJTzGDIsc=
=oNwT
-----END PGP SIGNATURE-----
Reply to: