Format: 1.8
Date: Fri, 27 Dec 2019 15:26:33 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen wordpress-theme-twentyseventeen wordpress-theme-twentysixteen
Architecture: source all
Version: 5.0.4+dfsg1-1+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 939543 942459 946905
Changes:
 wordpress (5.0.4+dfsg1-1+deb10u1) buster-security; urgency=medium
 .
   * Backport of the 5.3.1 security release Closes: #946905
     - CVE-2019-20043 an unprivileged user could make a post sticky via the
       REST API.
     - CVE-2019-20042 cross-site scripting (XSS) could be stored in
       well-crafted links
     - CVE-2019-20041 hardening wp_kses_bad_protocol() to ensure that it is
       aware of the named colon attribute.
     - CVE-2019-16780 and CVE-2019-16781 stored XSS vulnerability using block
       editor content.
   * Backport of the 5.2.4 security release Closes: #942459
     - CVE-2019-17674 Stored XSS in the Customizer
     - CVE-2019-17671 Viewing unauthenticated posts
     - CVE-2019-17672 Stored XSS to inject javascript into style tags
     - CVE-2019-17673 Poisoning JSON GET requests
     - CVE-2019-17669 SSRF in URL validation
     - CVE-2019-17675 Referer validation in admin screens
   * Backport of 5.2.3 security release, Closes: #939543
     - CVE-2019-16223 XSS in post previews
     - CVE-2019-16218 XSS in stored comments
     - CVE-2019-16220 Open redirect due to validation and sanitization
     - CVE-2019-16217 XSS in media uploads
     - CVE-2019-16219 XSS in shortcode previews
     - CVE-2019-16221 XSS in dashboard
     - CVE-2019-16222 XSS in URL sanitization