Your message dated Thu, 14 Mar 2019 11:51:12 +0000
with message-id <[email protected]>
and subject line Bug#924546: fixed in wordpress 5.1.1+dfsg1-1
has caused the Debian Bug report #924546,
regarding wordpress: Comments may create a XSS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
924546: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924546
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wordpress
Version: 5.0.3+dfsg1-1
Severity: important
Tags: security
This release also includes a pair of security fixes that handle how comments
are filtered and then stored in the database. With a maliciously crafted
comment, a WordPress post was vulnerable to cross-site scripting.
WordPress versions 5.1 and earlier are affected by these bugs, which are fixed
in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also
available for any users who have not yet updated to 5.1.
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 5.1.1+dfsg1-1
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 14 Mar 2019 22:10:00 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen wordpress-theme-twentyseventeen wordpress-theme-twentysixteen
Architecture: source all
Version: 5.1.1+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 924546
Changes:
 wordpress (5.1.1+dfsg1-1) unstable; urgency=medium
 .
   * New upstream release
   * Fixes XSS security hole in comments Closes: #924546
   * Added new/better config example
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---