-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 15 Jun 2020 07:53:44 +1000 Source: wordpress Architecture: source Version: 5.4.2+dfsg1-1 Distribution: unstable Urgency: medium Maintainer: Craig Small <csmall@debian.org> Changed-By: Craig Small <csmall@debian.org> Closes: 962685 Changes: wordpress (5.4.2+dfsg1-1) unstable; urgency=medium . * Security release, fixes 6 security bugs Closes: #962685 - CVE-2020-4046 Authenticated XSS through embed block - CVE-2020-4047 Authenticated XSS via media attachment page - CVE-2020-4048 Open redirect in wp_validate_redirect() - CVE-2020-4049 Authenticated self-XSS via theme uploads - CVE-2020-4050 'set-screen-option' filter misuse by plugins leading to privilege escalation * Prevent unmoderated comments from search engine indexation Checksums-Sha1: 6e6f39a26afe6b88625d8deb80a9700ab99d323f 2440 wordpress_5.4.2+dfsg1-1.dsc 194094e4727e7de64076b4cf1076eeb04659afff 8596708 wordpress_5.4.2+dfsg1.orig.tar.xz 630880a0991fd59d2926010b6d605c963b037f28 6823380 wordpress_5.4.2+dfsg1-1.debian.tar.xz 967f3bae46ff3f4a3c74c29980de52c59607707f 7175 wordpress_5.4.2+dfsg1-1_amd64.buildinfo Checksums-Sha256: b6d98ae167c60cf88fbb2eb4569ed3a5c457acff19d4ca4cf3df8efe3ef6a046 2440 wordpress_5.4.2+dfsg1-1.dsc a302deea5306e395fb31d6396a38989fb031349e62a3677fe9aa28cbb0e110d5 8596708 wordpress_5.4.2+dfsg1.orig.tar.xz 3782a548c6493dc59af0618da27ae8c4333de50191adf08a8853d2ecb6751066 6823380 wordpress_5.4.2+dfsg1-1.debian.tar.xz f1990d7b146e793dfb9e508e554423353b9ca5cdbe91ec31e733ce979eb27059 7175 wordpress_5.4.2+dfsg1-1_amd64.buildinfo Files: e5cd6325f2789f763e4393bf1bfba913 2440 web optional wordpress_5.4.2+dfsg1-1.dsc 27ac4f32caf8db9f536344e68a151d85 8596708 web optional wordpress_5.4.2+dfsg1.orig.tar.xz 26f1a92ee679ec79f3e6116a4ef4f940 6823380 web optional wordpress_5.4.2+dfsg1-1.debian.tar.xz 641bf66e2121c05d82e5f55f777a7257 7175 web optional wordpress_5.4.2+dfsg1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAl7mnSQACgkQAiFmwP88 hOP7wQ/9E7/lUiGU0yxDjjIxfkl+9kqY//JyQLBtWV68qJSTGPQ4/nmUpmFx+T+a UtjaHsscHuwln57xLQD2WWi+WnzyJNhpRbv2Y0GL/7UuSCGN9uD3DkLnBLLnuSVJ A/H+UYGVolPKr4m9V12sPooqeNdg6+mdiwZWQpeWxAT9mVrqry/dWwoDOtrPPJBb SV0LY5lwuv/6d7mBWZg+kJ/oCWkcis5FJ+DuDxnSSlv6VW3mFGojrDFnqWak32AC rWCyU3cWa8ZvCJApPSOOAs1yLaAYjZn9QTBKFySbfG0iCY9/Q49ANKj+f43ZOIab OeI2frkZQKTRov4lOQGf+EFSWjI9/Q2ujQomvuGM79f+qfdkPTZ1P8R5ODoUkftR gtbj8SfbjFci01PFzA/P/xM3/vbAJ6ierMOFPVNErsV4rXDB5SYqnLMpSmQFJ1E2 NsYMQRcqRj0GpUv3LvQ24X6xhQZpqoGUtMdVpAr/zBcXXCYOt4kJLtNNkiHNrapz Wpb/nwAPaWhXi3rbS1qtNcf5hOejOprfmkNQi+/14CTPkTIH4GG0ej+jWna4O816 5f/eRk1rsvFD92wF0CExokwD7MgYE1x0uCwe3jMGucDZwabFf9+q4DEPiW+aEVim WBPq7wjiKuwPom4fLRPdRC3bhEbrvv5QuCN3xlK/TuT6havBdPg= =YVnw -----END PGP SIGNATURE-----