Accepted wordpress 6.0.3+dfsg1-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 24 Oct 2022 21:10:11 +1100
Source: wordpress
Architecture: source
Version: 6.0.3+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Closes: 1022575
Changes:
wordpress (6.0.3+dfsg1-1) unstable; urgency=high
.
* New security release Closes: #1022575
- Stored XSS via wp-mail.php (post by email)
- Open redirect in `wp_nonce_ays`
- Sender’s email address is exposed in wp-mail.php
- Media Library – Reflected XSS via SQLi
- CSRF in wp-trackback.php
- Stored XSS via the Customizer
- Revert shared user instances introduced in 50790
- Stored XSS in WordPress Core via Comment Editing
- Data exposure via the REST Terms/Tags Endpoint
- Content from multipart emails leaked
- SQL Injection due to improper sanitization in `WP_Date_Query`
- RSS Widget: Stored XSS issue
- Stored XSS in the search block
- Feature Image Block: XSS issue
- RSS Block: Stored XSS issue
- Fix widget block XSS
Checksums-Sha1:
6e3033625b985932e381f0870c7063a937666fa5 2394 wordpress_6.0.3+dfsg1-1.dsc
c6ff2a7cf5f42f559f251eb81b022d08d50dcd3b 15482868 wordpress_6.0.3+dfsg1.orig.tar.xz
3504f9040003a78162bb39d74016edcd48a4674c 6825356 wordpress_6.0.3+dfsg1-1.debian.tar.xz
9ff0284030824a60dbf793fa28b3b4114cb89234 7781 wordpress_6.0.3+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
d4c403fda1a7396d2a8350afb37e8326df8e61b27846ac092478dd451b1a39ca 2394 wordpress_6.0.3+dfsg1-1.dsc
5f10b256f9072d35a4cb241a804610026d804d5bb448fcd99590d63cce03dd7a 15482868 wordpress_6.0.3+dfsg1.orig.tar.xz
b322f85cb4bf966da6398507abe3f5da069d7441eae153ee5395a9a421cb1c32 6825356 wordpress_6.0.3+dfsg1-1.debian.tar.xz
81987f14a8c77a6a679a28d475d42ca3af52bb72b07783d8081d15955060c2a4 7781 wordpress_6.0.3+dfsg1-1_amd64.buildinfo
Files:
2f158f9757c884dd81a2db45bbf3610c 2394 web optional wordpress_6.0.3+dfsg1-1.dsc
ec603996838c8011c6f726bc5662890b 15482868 web optional wordpress_6.0.3+dfsg1.orig.tar.xz
6bb40bf7793df5550a9a2a723e633e68 6825356 web optional wordpress_6.0.3+dfsg1-1.debian.tar.xz
a89336dae10033593f0b01e5713d6f7c 7781 web optional wordpress_6.0.3+dfsg1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAmNWZVQACgkQAiFmwP88
hOOKcxAAoUSklfkAAH3MSA5aHR+sQPzL9AENK4CAjIs3fm+mzlmHwM7xH7+XyFQq
JRdaASddiTD2gsAoDKHvSIu7ScQcK+CvG1342FX/vgs7tJkyWBCdDnWvPHfQaTW6
DcdWOADtZDca60qowQDJOrTsINr7/Mwi6pEOnSRPP42pZ2kJufCQu3lptyjdEvYZ
H74tuHxzZc4kkuSgsy6dTGq0D8PQYtf1UMrW871PxqKtl9oMBVA2yLrf0cxqr53C
26udn5U3nvKtkgfWzITC9a6n3DIROc0wuotKpmsnedunCslRoY+KaPfmSNDjN8hn
AebwlkWQ+rcTBPSDePT27ljFcBLIakAXoqB9YnIUhh+X7nl6Cik3lO9mGuG2E3Hc
tojVzVrJX3RYecfi3JzZY/N0B/s951EYg3+isxCBz4aTJ8v+ZlIB3iiFIDQlinGH
rwBa2TGLyXIOKtuZ1dorOD/0uZmZzNw+NMlaVJ/7mUax1AHlQyDqhDyvncE9qbZj
V6NwZm4WE4HsBlgsxLMn2T2Cz+Tu0NQhiRhPliF1lVqCv7gAQ86utqf7fIKt+Kv3
MZec3XsDXSlkKSX2ngL89Mn2fKxOM0+68VMYvHXasi8PYe7K3rSnK8K9QWLqNdF8
nYsiLxUOipKgAzAxxKMTWk3HPpamRfyAC1AIopps+TFwc7huCjI=
=dEFt
-----END PGP SIGNATURE-----
Reply to: