Format: 1.8
Date: Mon, 24 Oct 2022 21:10:11 +1100
Source: wordpress
Architecture: source
Version: 6.0.3+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Closes: 1022575
Changes:
 wordpress (6.0.3+dfsg1-1) unstable; urgency=high
 .
   * New security release Closes: #1022575
     - Stored XSS via wp-mail.php (post by email)
     - Open redirect in `wp_nonce_ays`
     - Sender’s email address is exposed in wp-mail.php
     - Media Library – Reflected XSS via SQLi
     - CSRF in wp-trackback.php
     - Stored XSS via the Customizer
     - Revert shared user instances introduced in 50790
     - Stored XSS in WordPress Core via Comment Editing
     - Data exposure via the REST Terms/Tags Endpoint
     - Content from multipart emails leaked
     - SQL Injection due to improper sanitization in `WP_Date_Query`
     - RSS Widget: Stored XSS issue
     - Stored XSS in the search block
     - Feature Image Block: XSS issue
     - RSS Block: Stored XSS issue
     - Fix widget block XSS