Bug#924546: marked as done (wordpress: CVE-2019-9787: Comments may create a XSS)

Thu, 18 Apr 2019 02:51:32 -0700 

Your message dated Thu, 18 Apr 2019 09:48:37 +0000
with message-id <[email protected]>
and subject line Bug#924546: fixed in wordpress 5.0.4+dfsg1-1
has caused the Debian Bug report #924546,
regarding wordpress: CVE-2019-9787: Comments may create a XSS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
924546: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924546
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: wordpress
Version: 5.0.3+dfsg1-1
Severity: important
Tags: security

This release also includes a pair of security fixes that handle how comments 
are filtered and then stored in the database. With a maliciously crafted 
comment, a WordPress post was vulnerable to cross-site scripting.

WordPress versions 5.1 and earlier are affected by these bugs, which are fixed 
in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also 
available for any users who have not yet updated to 5.1.


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message --- 
Source: wordpress
Source-Version: 5.0.4+dfsg1-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Mar 2019 09:20:02 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen 
wordpress-theme-twentyseventeen wordpress-theme-twentysixteen
Architecture: source all
Version: 5.0.4+dfsg1-1
Distribution: buster
Urgency: medium
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 924546
Changes:
 wordpress (5.0.4+dfsg1-1) buster; urgency=medium
 .
   * Backport of 5.1.1 patches
   * Fix XSS security hole in comments Closes: #924546 CVE-2019-9787
Checksums-Sha1:
 9d69c22484fd841ee0f7c5bf49e1706ac9cd29fb 2442 wordpress_5.0.4+dfsg1-1.dsc
 c2f13e9747708167a7445848032220e21aa7400b 7841492 
wordpress_5.0.4+dfsg1.orig.tar.xz
 189766d6ebe768ca46c5fc4231f2bb9746444bb1 6817812 
wordpress_5.0.4+dfsg1-1.debian.tar.xz
 fcbe7335e064936dc96a32d3225e5b5e997375e6 4384352 
wordpress-l10n_5.0.4+dfsg1-1_all.deb
 3340e0dba1f3aaf2062c013e9b84d1ce0eefd95f 306000 
wordpress-theme-twentynineteen_5.0.4+dfsg1-1_all.deb
 112ae52a7de1090ecba4872bd3555d07087dedfb 945588 
wordpress-theme-twentyseventeen_5.0.4+dfsg1-1_all.deb
 fe8180d36a2d31a43b79b6ea76120b90b77000c6 593208 
wordpress-theme-twentysixteen_5.0.4+dfsg1-1_all.deb
 fbf6fdf09a2172b83d45dc909b15ca0f1e61de9f 5998120 
wordpress_5.0.4+dfsg1-1_all.deb
 f0a5c6c6999e1b57508d8b4d3d25f9e2f3a92cac 7017 
wordpress_5.0.4+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
 1258cca305b545ebee78e151a860812ce8bc78dc0d691c4c1d261324c73d4685 2442 
wordpress_5.0.4+dfsg1-1.dsc
 0887eb0a3d0c6b2a7402d6c036b093bacc902b286b3555301c3c4a0d2e5acc7e 7841492 
wordpress_5.0.4+dfsg1.orig.tar.xz
 5b126a82519b6b82b7bdccab6ff610d8ddbd4c0232995c8a25703e8e25f9f6db 6817812 
wordpress_5.0.4+dfsg1-1.debian.tar.xz
 49f1ea07511469f3270caedabdea3416671393d1a00b6b8724bb706fea5a417e 4384352 
wordpress-l10n_5.0.4+dfsg1-1_all.deb
 14759fac92a9968d05276886cadf1abd98dba6b0a25f72a24e285f8a144301e4 306000 
wordpress-theme-twentynineteen_5.0.4+dfsg1-1_all.deb
 a624b3a16ab795499c65f1c95b817058d46f649c69cc25ee222bb0f8e66f42fe 945588 
wordpress-theme-twentyseventeen_5.0.4+dfsg1-1_all.deb
 ce57215d5c99fa470582ed39d6d4d2ecc3d1375800566a0d77a1d8822890ba08 593208 
wordpress-theme-twentysixteen_5.0.4+dfsg1-1_all.deb
 5e9a4712f1c66b4522b1c3880d34843338502e1b59b5467d6f4170f2114e6c23 5998120 
wordpress_5.0.4+dfsg1-1_all.deb
 e62dbd9b2edb019ae99c51d5df57f00a7fd5337e9daf08071396dc6303953d44 7017 
wordpress_5.0.4+dfsg1-1_amd64.buildinfo
Files:
 e6b60be9004d4ad2176bb65b89aa9303 2442 web optional wordpress_5.0.4+dfsg1-1.dsc
 8213279cb75bd9fc7712853aed80458b 7841492 web optional 
wordpress_5.0.4+dfsg1.orig.tar.xz
 196c3ed0fda8f3fd19bc8cae69b22b0a 6817812 web optional 
wordpress_5.0.4+dfsg1-1.debian.tar.xz
 1b136d92840ee43b317bd0f29c500c9f 4384352 localization optional 
wordpress-l10n_5.0.4+dfsg1-1_all.deb
 88010ecd442380bf0d2f973ef0a5b669 306000 web optional 
wordpress-theme-twentynineteen_5.0.4+dfsg1-1_all.deb
 611e079f1e2ff30f3cece3b42f6a03b3 945588 web optional 
wordpress-theme-twentyseventeen_5.0.4+dfsg1-1_all.deb
 dae9194f9af4a149080e9cfa2b4da8a1 593208 web optional 
wordpress-theme-twentysixteen_5.0.4+dfsg1-1_all.deb
 9338f3f045085b0117e5d5945a2d330a 5998120 web optional 
wordpress_5.0.4+dfsg1-1_all.deb
 4997a532e84d66e667e0f6caa29ad759 7017 web optional 
wordpress_5.0.4+dfsg1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAly4QqMACgkQAiFmwP88
hONsQA/8D3YapjigIiv9xp08XWCXX8RKNUa7zruyP1ngfPn8YgoT5aBCTBn/zygj
ZVr847MoQaKRYBS4YFY39tdKPOf7EzfsKhBCuGV0ZHryhqaPiID9a+2U8ytM/nVa
qYyFvJDJEfOkIZegp1W5cKf07cFeFG4mMIalmXsrRq2o5FFsHnLiTA/MzOROhMlB
yXbUC8rD+BWrWtXRv0eRITXmwxgzVJgYGmrLb3gvfmqD/x1YqtaProV7rAb7wwsI
n63yWIUFJYHgDAMftXiaCV0vGBRqn6061yIm5SV2RWhgLR4n5Sfve4+6Pp254Ajd
DEE2GalTgIsLnMf9faoeUlWF47V/VMAE9lgyPHO/FNA69tEiOIBNoPx5P2jZ1y02
hFRQGT6xx+A7cYcD1z20gNp4za1CnFJdW5GCFJMMyJmAxkIJVWOKULBPZXtMJM35
Xe4fadNF8d7XyYOBf1AZIR9kMVyExoGPVcGjToc+S06mTGq7Cmw09/3z/xTlYg2K
VVv6SP+wmFkbKNMOpX6bqFbvdfNxNx1rWFp3NLRFUf5ewonkZ9VIhgxuYVhciX1x
55g587CAlC0w3NcSK5Q01g1wdzvMmrUE7GBQlyyNmEUMT7nBslbel1DwG04w++Ia
2PudiSvUJeHegq1tg06iZu/ZsZb+ahMudhVKoI0vxBFVbPMokbU=
=+g8f
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to