Your message dated Sat, 16 Oct 2021 13:53:12 +0000
with message-id <[email protected]>
and subject line Bug#994059: fixed in wordpress 5.0.14+dfsg1-0+deb10u1
has caused the Debian Bug report #994059,
regarding wordpress: CVE-2021-39201
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
994059: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994059
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wordpress
Version: 5.7.1+dfsg1-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 5.0.12+dfsg1-0+deb10u1

Hi,

The following vulnerability was published for wordpress.

CVE-2021-39201[0]:
| WordPress is a free and open-source content management system written
| in PHP and paired with a MySQL or MariaDB database. ### Impact The
| issue allows an authenticated but low-privileged user (like
| contributor/author) to execute XSS in the editor. This bypasses the
| restrictions imposed on users who do not have the permission to post
| `unfiltered_html`. ### Patches This has been patched in WordPress 5.8,
| and will be pushed to older versions via minor releases (automatic
| updates). It's strongly recommended that you keep auto-updates enabled
| to receive the fix. ### References
| https://wordpress.org/news/category/releases/
| https://hackerone.com/reports/1142140 ### For more information If you
| have any questions or comments about this advisory: * Open an issue in
| [HackerOne](https://hackerone.com/wordpress)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-39201
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39201
[1] https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 5.0.14+dfsg1-0+deb10u1
Done: Craig Small <[email protected]>

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 Oct 2021 13:11:35 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen wordpress-theme-twentyseventeen wordpress-theme-twentysixteen
Architecture: source all
Version: 5.0.14+dfsg1-0+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 994059
Changes:
 wordpress (5.0.14+dfsg1-0+deb10u1) buster-security; urgency=high
 .
   * Security release, fixes 1 bug:
      - CVE-2021-39201 - XSS in editor Closes: #994059

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
