Your message dated Fri, 06 Sep 2019 09:04:37 +0000
with message-id <[email protected]>
and subject line Bug#939543: fixed in wordpress 5.2.3+dfsg1-1
has caused the Debian Bug report #939543,
regarding wordpress: 5.2.3 fixes several XSS and other security bugs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
939543: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939543
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wordpress
Version: 5.2.2+dfsg1-1
Severity: normal
Tags: security

WordPress has released 5.2.3, which fixes several security holes.

From 
https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/

Security Updates
- Props to Simon Scannell of RIPS Technologies for finding and disclosing two
  issues. The first, a cross-site scripting (XSS) vulnerability found in post
  previews by contributors. The second was a cross-site scripting vulnerability
  in stored comments.
- Props to Tim Coen for disclosing an issue where validation and sanitization
  of a URL could lead to an open redirect.
- Props to Anshul Jain for disclosing reflected cross-site scripting during
  media uploads.
- Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a
  vulnerability for cross-site scripting (XSS) in shortcode previews.
- Props to Ian Dunn of the Core Security Team for finding and disclosing a
  case where reflected cross-site scripting could be found in the dashboard.
- Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with
  URL sanitization that can lead to cross-site scripting (XSS) attacks.

In addition to the above changes, we are also updating jQuery on older versions
of WordPress. This change was added in 5.2.1 and is now being brought to older
versions.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 5.2.3+dfsg1-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Sep 2019 18:39:10 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen 
wordpress-theme-twentyseventeen wordpress-theme-twentysixteen
Architecture: source all
Version: 5.2.3+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 939543
Changes:
 wordpress (5.2.3+dfsg1-1) unstable; urgency=medium
 .
   * Security release, fixes several issues Closes: #939543
     - XSS in post previews
     - XSS in stored comments
     - Open redirect due to validation and sanitization
     - XSS in media uploads
     - XSS in shortcode previews
     - XSS in dashboard
     - XSS in URL sanitization
   * Use replace for dh-linktrees for underscore-js

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
