Bug#895034: marked as done (wordpress: versions 4.9.4 and earlier are affected by three security issues)

Sat, 07 Apr 2018 15:57:30 -0700 

Your message dated Sat, 07 Apr 2018 22:53:41 +0000
with message-id <e1f4wil-0007ed...@fasolo.debian.org>
and subject line Bug#895034: fixed in wordpress 4.9.5+dfsg1-1
has caused the Debian Bug report #895034,
regarding wordpress: versions 4.9.4 and earlier are affected by three security 
issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
895034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: wordpress
Version: 4.9.4-1
Severity: grave
Tags: security upstream
Justification: user security hole

WordPress 4.9.5 fixes 3 security issues:
1) Don't treat localhost as same host by default.
2) Use safe redirects when redirecting the login page if SSL is forced.
3) Make sure the version string is correctly escaped for use in generator tags.

The patches are:
1) 42894 - https://core.trac.wordpress.org/changeset/42894
2) 42892 - https://core.trac.wordpress.org/changeset/42892
3) 42893 - https://core.trac.wordpress.org/changeset/42893

Sid, Buster, Stretch and Jessie all have these issues.

 - Craig

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), 
LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message --- 
Source: wordpress
Source-Version: 4.9.5+dfsg1-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 895...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csm...@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 08 Apr 2018 08:11:40 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen 
wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen
Architecture: source all
Version: 4.9.5+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Craig Small <csm...@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 895034
Changes:
 wordpress (4.9.5+dfsg1-1) unstable; urgency=medium
 .
   * New upstream source, fixes 3 Security issues Closes: #895034
     - CVE-2018-TBA
       Don't treat localhost as same host by default.
     - CVE-2018-TBA
       Use safe redirects when redirecting login page if SSL is forced
     - CVE-2018-TBA
       Make sure version string is correctly escaped for use in
       generator tags
   * Update to standards version 4.1.4
   * Remove get-orig-source in rules and use uscan
Checksums-Sha1:
 a2616b03d3d40c3ce27ad1619c80ec8f1a911077 2518 wordpress_4.9.5+dfsg1-1.dsc
 760b6bcf4837bac8cbbd6c8c7ccc7c6c3568603a 6757484 
wordpress_4.9.5+dfsg1.orig.tar.xz
 ca91f692d6e1443760288ea4b2534b27ba9be475 6779144 
wordpress_4.9.5+dfsg1-1.debian.tar.xz
 159dd12e1099403c26920d361a8a3a357d051a9c 4381856 
wordpress-l10n_4.9.5+dfsg1-1_all.deb
 bb021a1aa7c9590e1f763c176acd5c777ffc5d36 701108 
wordpress-theme-twentyfifteen_4.9.5+dfsg1-1_all.deb
 af62dd94db2f056413bd067915478e0edfbeb030 941908 
wordpress-theme-twentyseventeen_4.9.5+dfsg1-1_all.deb
 7f7ffd71e02321bb34d364514bbaa6a2e9001ae2 589612 
wordpress-theme-twentysixteen_4.9.5+dfsg1-1_all.deb
 93f921d2356274a20cf196c36b2e3d0ba184eb23 4503936 
wordpress_4.9.5+dfsg1-1_all.deb
 2195b52a1343ee5eee9c91f50df03755d4e401d3 7331 
wordpress_4.9.5+dfsg1-1_amd64.buildinfo
Checksums-Sha256:
 3208965666884b9886ad821b457da678b75a8863568ed5031b4bb61eac4d5f69 2518 
wordpress_4.9.5+dfsg1-1.dsc
 7db44a17f112c0955328b9051d3299449c86dcb706370283627e14912722a1ab 6757484 
wordpress_4.9.5+dfsg1.orig.tar.xz
 7c10dd86b4c2906e5c24cbc8c4d4c9b72a474fb2e60bf87fb2f72cc93d512664 6779144 
wordpress_4.9.5+dfsg1-1.debian.tar.xz
 5632fad106c11930189edafdbffdcd34781cb5550c4564fae2093fc2a9b897be 4381856 
wordpress-l10n_4.9.5+dfsg1-1_all.deb
 622802c4c380ac76765d47079d8afe80ffa7eb049e3ddc16e327e997d7d114c6 701108 
wordpress-theme-twentyfifteen_4.9.5+dfsg1-1_all.deb
 0cb59befdc62314af6f7813116be7a0dd164d277c357a97c9bedaf6277c8aec1 941908 
wordpress-theme-twentyseventeen_4.9.5+dfsg1-1_all.deb
 927e7cb7214760784c735ab5a33a71b55471cd163dcd9c0142ab721ee20ebcbe 589612 
wordpress-theme-twentysixteen_4.9.5+dfsg1-1_all.deb
 4e51913694b2cf22283f14d6f54ad19360abbe080969416653a8fc567277049d 4503936 
wordpress_4.9.5+dfsg1-1_all.deb
 1840ebbc4ed8ca6ec190127fcbe5e819521a754c17e430b5149fb8520571e95a 7331 
wordpress_4.9.5+dfsg1-1_amd64.buildinfo
Files:
 e7d26eb4f926653483bce05ca69a37c0 2518 web optional wordpress_4.9.5+dfsg1-1.dsc
 8f0bcb0c075e00342438b01ff89e2872 6757484 web optional 
wordpress_4.9.5+dfsg1.orig.tar.xz
 3d7695dc1a4ccce3df98685953a5fdfd 6779144 web optional 
wordpress_4.9.5+dfsg1-1.debian.tar.xz
 00c25669c6f2de642e20dab20a0750c9 4381856 localization optional 
wordpress-l10n_4.9.5+dfsg1-1_all.deb
 adcf0b11449b6f53c86ff6228323068d 701108 web optional 
wordpress-theme-twentyfifteen_4.9.5+dfsg1-1_all.deb
 85d301d3df2acd8f612a9eb3ab6b3c77 941908 web optional 
wordpress-theme-twentyseventeen_4.9.5+dfsg1-1_all.deb
 700986a5df75c7826204369b8036d843 589612 web optional 
wordpress-theme-twentysixteen_4.9.5+dfsg1-1_all.deb
 7217b9bd4790ed8158ab0396c61ce7d7 4503936 web optional 
wordpress_4.9.5+dfsg1-1_all.deb
 f8c0f4e6888a7b2b3994ab2b365c4674 7331 web optional 
wordpress_4.9.5+dfsg1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAlrJQ6QACgkQAiFmwP88
hOMJZQ//ctHYEV7LyO+fgL66An9LWEkaa3BkLovxSgmWXnaxElfgpmLNYFw3hRry
pOxlKYH0Onn5gURLh86gYe6H/loxqRZ7iLYfhEfjV+fMWXnUtxcwUnFQSEJ6ddU8
OIbWSoGehNTGX0/+cYJxXRAJrgCeu3Pq7ZYykgcx1+2QQU4byrqld/0n1lYhs9Bw
zUUCfWp8ZyMVkPgS+bOX/9oFAh2a4XeHqU44JHox2wTkV0Mkuie0MeDQKPE6LtB0
HSWvm1abeqaVoiBXjua85qd3D7hffAu9fZ3j6GwUk05mudyCcrHFVy7x2tRPQKFX
1Il5tfOZJ4DbtfWcP7+pdKxLX/HoWUmcrMIAzdZwOdr5LdgDv4M9tcwGAeALbz3e
gYisYNA10rvNy2uLqjjjFoz8axQTk7ghAo3WTUvrK4h8UZnQeWQZtSbBaV/cUmE+
ImB11dblzRH0Y2moREycWli7ggUU+QMgQIT2MUzA7YHmgW8bhsuraInHkSVJwmjz
GrYjeuWj+0pHSRwVwNBnhx4wV95YuQXJxcjuwU1jMZIc16wqChtVp4LkjX0E4SI/
b3DAu/hpu8ZRlCB03bHhqLXbPnj+FrLYGZypuHMveOFhEcMr1Egmoq6Z3BxT7oh/
4fTlgXhAcGhSXGyF8Z0YdLsqzF0vTPw3X21wRwZMkSv6/nIVfOA=
=aRfT
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to