-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 19 Jun 2020 15:46:30 +1000 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen wordpress-theme-twentyseventeen wordpress-theme-twentysixteen Architecture: source all Version: 5.0.10+dfsg1-0+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Craig Small <csmall@debian.org> Changed-By: Craig Small <csmall@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files Closes: 962685 Changes: wordpress (5.0.10+dfsg1-0+deb10u1) buster-security; urgency=medium . * Security release, fixes 6 security bugs Closes: #962685 - CVE-2020-4046 Authenticated XSS through embed block - CVE-2020-4047 Authenticated XSS via media attachment page - CVE-2020-4048 Open redirect in wp_validate_redirect() - CVE-2020-4049 Authenticated self-XSS via theme uploads - CVE-2020-4050 'set-screen-option' filter misuse by plugins leading to privilege escalation * Prevent unmoderated comments from search engine indexation Checksums-Sha1: 4544a1705c34347777e3381981cc7f33a4a73008 2481 wordpress_5.0.10+dfsg1-0+deb10u1.dsc a8f00363d70eeb267a9b395daa13a1125cfaae9c 7843376 wordpress_5.0.10+dfsg1.orig.tar.xz ab699b912b3cfefd6eafc6d1f0f048a1389dde0f 6819040 wordpress_5.0.10+dfsg1-0+deb10u1.debian.tar.xz 4420866037a8044dca2b782da73126356a718cf6 4383772 wordpress-l10n_5.0.10+dfsg1-0+deb10u1_all.deb 2705034ee982a3f724669e2eaba6de1b45bfcdae 306812 wordpress-theme-twentynineteen_5.0.10+dfsg1-0+deb10u1_all.deb ad4a9889b5819d5de453f5617983d437af731393 946380 wordpress-theme-twentyseventeen_5.0.10+dfsg1-0+deb10u1_all.deb b861f34810c12144dc95a0d7eae4447e70332df4 594040 wordpress-theme-twentysixteen_5.0.10+dfsg1-0+deb10u1_all.deb 08d97882f30a468d1c39e882f5fee02b23e9b6a1 6001096 wordpress_5.0.10+dfsg1-0+deb10u1_all.deb eff28c6897dcc78735025a81ade9ecc8cc0deee0 7335 wordpress_5.0.10+dfsg1-0+deb10u1_amd64.buildinfo Checksums-Sha256: 785a47cf9555975aca339ecaa703e7249146eb79e303462d36fc4e6ed7c4765c 2481 wordpress_5.0.10+dfsg1-0+deb10u1.dsc fccc2c7bba0c8f4da5304a9813cd604146bb80a75a4997f60ff7377a83649b41 7843376 wordpress_5.0.10+dfsg1.orig.tar.xz 532dc1f767927e1f9741cb274bd815199d13c8e51ffe708e1c6780168f050f1e 6819040 wordpress_5.0.10+dfsg1-0+deb10u1.debian.tar.xz 6f10bbb6f2810c959096bbe5e719c3685043ec084b50bd8579922a12e8967a6b 4383772 wordpress-l10n_5.0.10+dfsg1-0+deb10u1_all.deb a584b205be8eea6cd80c6d1c7439d0c6ccb4acae34da43d04118c014d2039002 306812 wordpress-theme-twentynineteen_5.0.10+dfsg1-0+deb10u1_all.deb 593ff7e8c49d6930de7292fd26e2618a54b4bf1883f5eb0648ef16b6f30889a7 946380 wordpress-theme-twentyseventeen_5.0.10+dfsg1-0+deb10u1_all.deb 6a8540c852512c9180bb480dea54a2abaa09aa720d3ee523e4fb095672189615 594040 wordpress-theme-twentysixteen_5.0.10+dfsg1-0+deb10u1_all.deb ff4f682ad0c68b0db54dab06dd1221668f041b1bacf1ca08b060eb18f4111afa 6001096 wordpress_5.0.10+dfsg1-0+deb10u1_all.deb 317dc5ed6ba24eff15d97d356b06e28e3fa8512b76c9d20860270c80c646c0dc 7335 wordpress_5.0.10+dfsg1-0+deb10u1_amd64.buildinfo Files: f8c4d7dec13ef480ec14b91b94e23b39 2481 web optional wordpress_5.0.10+dfsg1-0+deb10u1.dsc 2aa33db3bbdc321a08e9d2e66544097b 7843376 web optional wordpress_5.0.10+dfsg1.orig.tar.xz eaf9a87588f28fd12f9e004911edeabf 6819040 web optional wordpress_5.0.10+dfsg1-0+deb10u1.debian.tar.xz bece2117cb5f6c9f79683d63b15a8292 4383772 localization optional wordpress-l10n_5.0.10+dfsg1-0+deb10u1_all.deb 344fd3035493b5435c2df9246fa0e432 306812 web optional wordpress-theme-twentynineteen_5.0.10+dfsg1-0+deb10u1_all.deb c04fc64c6206d0a6f583e44c56bcff3f 946380 web optional wordpress-theme-twentyseventeen_5.0.10+dfsg1-0+deb10u1_all.deb a188a785dba59c7013d87e2649aa1324 594040 web optional wordpress-theme-twentysixteen_5.0.10+dfsg1-0+deb10u1_all.deb 33a2ac8e3376176b085a3c723d2dcb51 6001096 web optional wordpress_5.0.10+dfsg1-0+deb10u1_all.deb 9193d3c295a0f8b778aa639c397fe957 7335 web optional wordpress_5.0.10+dfsg1-0+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAl7xxJgACgkQAiFmwP88 hONj6w//YTO8iMom8u9gXqT1/Rv8be22i27S44zxeJ7MMwGLw2WTU6zxZlvYqRuj tvaTrXzWxFgajLYbjbb4MEjGPVzX6FRrdyhXolhC8eRbYpoDmQ+vAea01Xyy7gs3 08hEDzh/CzcoRDfaZw2zGZvWtH023OZiAQ0Psa9hCyC9qIUFqM9+QGKlk9qnJoXp RluQjWLq89b2CoARKS5S7plcX8q5kcrgNiPyqFnDF6PXz9xp3302kvvbXynoCAP7 /FeZf8f1v6Y+Tsxcgmxi/AQhFRwfk/kmHZDTbXRVEoJy8l8Y+3qpJyNg1L+BSBQO +C8CHDvX8xM3uweN8Zc37p5Ub2u3uOryxEIIsQihywzjHfNwtdrOQK/M13EtuIqH 4XhTyAFUsubE6B2NxMIBpMi3ZzammjYU8UKmb538YleoDoEJpco6LODLnjxLHVJJ 7qifM83tXSB/wMJUBivbBNSZVdR3YWKN5DeTd6IS94ymaxRs46pII1f4XvA3BC0M R+yBWjk/YQS2TiKfm0DXMF0znkqCfWdGJY0zBLl7FVLhOTH/kTyvpJCfyalj3c6I mycNVNvdlpaXaprUJm+y39NLYpYPTfDDCy2d2k3f26B7cABdptfGJN+xpipYK+s8 ogZPxL6c0nHHJxuBHLhNNXr0xeXhXaWvlo3Y+x+58qxnI8ybWEc= =joYl -----END PGP SIGNATURE-----