Your message dated Sat, 07 Apr 2018 22:53:41 +0000
with message-id <e1f4wil-0007ed...@fasolo.debian.org>
and subject line Bug#895034: fixed in wordpress 4.9.5+dfsg1-1
has caused the Debian Bug report #895034,
regarding wordpress: versions 4.9.4 and earlier are affected by three security
issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
895034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wordpress
Version: 4.9.4-1
Severity: grave
Tags: security upstream
Justification: user security hole
WordPress 4.9.5 fixes 3 security issues:
1) Don't treat localhost as same host by default.
2) Use safe redirects when redirecting the login page if SSL is forced.
3) Make sure the version string is correctly escaped for use in generator tags.
The patches are:
1) 42894 - https://core.trac.wordpress.org/changeset/42894
2) 42892 - https://core.trac.wordpress.org/changeset/42892
3) 42893 - https://core.trac.wordpress.org/changeset/42893
Sid, Buster, Stretch and Jessie all have these issues.
- Craig
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.15.0-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8),
LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 4.9.5+dfsg1-1
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 895...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <csm...@debian.org> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 08 Apr 2018 08:11:40 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen
wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen
Architecture: source all
Version: 4.9.5+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Craig Small <csm...@debian.org>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentyfifteen - weblog manager - twentyfifteen theme files
wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 895034
Changes:
 wordpress (4.9.5+dfsg1-1) unstable; urgency=medium
 .
   * New upstream source, fixes 3 Security issues Closes: #895034
     - CVE-2018-TBA
       Don't treat localhost as same host by default.
     - CVE-2018-TBA
       Use safe redirects when redirecting login page if SSL is forced
     - CVE-2018-TBA
       Make sure version string is correctly escaped for use in
       generator tags
   * Update to standards version 4.1.4
   * Remove get-orig-source in rules and use uscan
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---