-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 May 2020 14:21:58 +1000 Source: wordpress Architecture: source Version: 5.4.1+dfsg1-1 Distribution: unstable Urgency: medium Maintainer: Craig Small <csmall@debian.org> Changed-By: Craig Small <csmall@debian.org> Closes: 959391 Changes: wordpress (5.4.1+dfsg1-1) unstable; urgency=medium . * Security release, fixes 6 security bugs Closes: #959391 - CVE-2020-11025 XSS vulnerability in the navigation section of Customizer allows JavaScript code to be executed. - CVE-2020-11026 uploaded files to Media section to lead to script execution - CVE-2020-11027 Password reset link does not expire - CVE-2020-11028 Private posts can be found through searching by date - CVE-2020-11029 XSS in stats() method in class-wp-object-cache - CVE-2020-11030 Special payload can execute scripts in block editor * Add multi-arch tags * Update to standards 4.5.0 Checksums-Sha1: 4d40aaed64b9ca4f990f922a26dce2da621d078a 2440 wordpress_5.4.1+dfsg1-1.dsc 74aaa655fde9723b1791c7172f3e0c56c2c96cf9 8532896 wordpress_5.4.1+dfsg1.orig.tar.xz 4a20daab81332581de1258ee99222be36e3e6356 6823368 wordpress_5.4.1+dfsg1-1.debian.tar.xz 3a8edc0afccc61752b33527c7fc24c62bd62e158 7305 wordpress_5.4.1+dfsg1-1_amd64.buildinfo Checksums-Sha256: 8863466e188147853c3bc1744e85eb295fe5106fa01704a0c995d4307d1a7a2f 2440 wordpress_5.4.1+dfsg1-1.dsc 1586ab9e4594154d58af2604bafc3cc92e176fadec67616eb8b15edf457debb2 8532896 wordpress_5.4.1+dfsg1.orig.tar.xz 4489939e92ffa56f5110886c56bf2b049e60755113f626a0c1c7274ec4ae3955 6823368 wordpress_5.4.1+dfsg1-1.debian.tar.xz d10d99b9ce00dc7129ec284278939bcbb639beb69531149128f446d6bf7ff095 7305 wordpress_5.4.1+dfsg1-1_amd64.buildinfo Files: 15a1f72efe08de3f0a4f2011f2e372c0 2440 web optional wordpress_5.4.1+dfsg1-1.dsc 4e7044bfdf7536371667a749e22a48c4 8532896 web optional wordpress_5.4.1+dfsg1.orig.tar.xz 47bdc2a8c648b064260f4efdcc006e14 6823368 web optional wordpress_5.4.1+dfsg1-1.debian.tar.xz c6fcde25b70a65419c95f65f66cc6112 7305 web optional wordpress_5.4.1+dfsg1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAl6s9ncACgkQAiFmwP88 hOMYoQ//SlOj9mQmIx9RyRjSM2gCk5C7YjFPhXWZJlyxqwP/MjajwWT3TB4BX6nl z2XV/X42SKF1MtJKugz+7H8s2R5sADUESZ3lNbWkKK/gGJnaF+SXSmcM/WrwH5CU 9igHm+PMUjwczAEIpOl4bT8KIh/7jW24JvAWGx2RdqB4xELXw+4B1xjEu2Wj0JkR ZKg2/n26ZKV+Ew9wmpQYIHA9McD80hmuQG+653L1vIWWyKhf5kMuH6B+4Su8htZ7 ZERPzwtyxS9UFMJVgLJWWzGH02BiAawBFp3NcLGK6wKY8wHWni1Txotqyuv7AD8i 36XmM5Z5rmWnObvMEUZkQHavKEZpXrTZmK6L8aiPIsvmiIegSW/DEX0fN1MWvuTg MWb50uGDVHek4vwjuoRqMiaq1tSb6+dyWznmf5Qmbkec5U8l6h4z2YXeWgU8vza+ DawB3tp3y4r6SDwtHQCtmcOdMpWrZWVdH6lho/4+izHEhP1vW2TsrFpmXhXjBofA AVx3fVkIPmqzJornT88DmHcInfAFC3n9mB8btA5x5ZSNFFziJRewOa05XBnQVkqR gDp6eMN0OCe0nvX5IK9epR8J2Zfn/Bra5Xf42l3s+QSngAkYbwI1nGcOLOX/hmYq gu+HxTYJ2y+1fx9STSBKhJqQ0QU/4uFBnSbMJgKDZBqdZSA/ruc= =dWEf -----END PGP SIGNATURE-----