-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Nov 2020 17:23:49 +1100 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen wordpress-theme-twentyseventeen wordpress-theme-twentytwenty Architecture: source all Version: 5.5.3+dfsg1-1 Distribution: unstable Urgency: high Maintainer: Craig Small <csmall@debian.org> Changed-By: Craig Small <csmall@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files wordpress-theme-twentytwenty - weblog manager - twentytwenty theme files Closes: 973562 Changes: wordpress (5.5.3+dfsg1-1) unstable; urgency=high . * Security release, fixes 8 bugs Closes: #973562 - CVE-2020-28039: Protected meta that could lead to arbitrary file deletion. - CVE-2020-28035: XML-RPC privilege escalation. - CVE-2020-28036: XML-RPC privilege escalation. - CVE-2020-28032: Hardening deserialization requests. - CVE-2020-28037: DoS attack could lead to RCE. - CVE-2020-28038: Stored XSS in post slugs. - CVE-2020-28033: Disable spam embeds from disabled sites on a multisite network. - CVE-2020-28034: Cross-Site Scripting (XSS) via global variables. - CVE-2020-28040: CSRF attacks that change a theme's background image. * Removed TinyMCE build dependency as its very old * d/dirs: Add two more language directories Checksums-Sha1: 9f0e840181f419418ee1b47f777696d306cc065d 2400 wordpress_5.5.3+dfsg1-1.dsc a8ea7d911022e025144274d495c82cf97d1d4caf 8920328 wordpress_5.5.3+dfsg1.orig.tar.xz 4bfcb37da8866a30551fc0049ab8e210516cd98e 6823732 wordpress_5.5.3+dfsg1-1.debian.tar.xz f7647519a725b32e7ed2dea54a3fa5dc69d26eb1 4383344 wordpress-l10n_5.5.3+dfsg1-1_all.deb 824cae1d4563bcbe9031ef2459257fd5baf55824 315596 wordpress-theme-twentynineteen_5.5.3+dfsg1-1_all.deb c183de2ab258723fe357861626e874209cce2199 948240 wordpress-theme-twentyseventeen_5.5.3+dfsg1-1_all.deb 2fc5c6251c538886e89c178604bb2a65388c7a58 755352 wordpress-theme-twentytwenty_5.5.3+dfsg1-1_all.deb e5d4d6ba0290a1693011ac131f189f2f8ad08d3c 7003388 wordpress_5.5.3+dfsg1-1_all.deb b41512e188a05c49634fb241b3b2ade35df3931d 7193 wordpress_5.5.3+dfsg1-1_amd64.buildinfo Checksums-Sha256: 29b3570bb7c8d3125adb7e63cfa6a83ef84f9578f5e5d51adda3caaf1768ae7f 2400 wordpress_5.5.3+dfsg1-1.dsc 8ad4d5c2e103beededfcb09e2f94de8f276191ee630f2fa5c53d2158a81ecebb 8920328 wordpress_5.5.3+dfsg1.orig.tar.xz 219c7cb1701026c76c84c3d51dcab87ba078b438dc5a029c9afaa2a1937bc6c3 6823732 wordpress_5.5.3+dfsg1-1.debian.tar.xz d01807760da034f178c93731f7110a6bbf11542fba6e354b17ea12c870b43140 4383344 wordpress-l10n_5.5.3+dfsg1-1_all.deb f5c2412b8cf4f45bf30ea183802064a7d40689f4f09282557816c3c6788fac67 315596 wordpress-theme-twentynineteen_5.5.3+dfsg1-1_all.deb b322b52ba146e1921d1e8db03bddc29c3a6e73e69b68e2440be2d7319ac3a7a9 948240 wordpress-theme-twentyseventeen_5.5.3+dfsg1-1_all.deb 2c05ed5b42a743c0cdac14fe3882d6221f638941ee699fc3412180580275ebf6 755352 wordpress-theme-twentytwenty_5.5.3+dfsg1-1_all.deb d9fae8239b1b1cc8e850cdd8147bcfc69ed2b7f0cdebeb45f6e5fb9f15224323 7003388 wordpress_5.5.3+dfsg1-1_all.deb 7118fce8acad9e6f09256eeb0e7ae99063e652fe541e71f6c53b27c7fee3bc31 7193 wordpress_5.5.3+dfsg1-1_amd64.buildinfo Files: 6d6678bd747505d8822ea7611869217b 2400 web optional wordpress_5.5.3+dfsg1-1.dsc c8dc794f7669f0bb2bc74fbd65aae001 8920328 web optional wordpress_5.5.3+dfsg1.orig.tar.xz 7acd39ed650da63afc729b2f1a7ce9a0 6823732 web optional wordpress_5.5.3+dfsg1-1.debian.tar.xz a34cf0d1cd5953a441238421988da1c0 4383344 localization optional wordpress-l10n_5.5.3+dfsg1-1_all.deb 442aab930993e3e7cfa6ea9b022f121d 315596 web optional wordpress-theme-twentynineteen_5.5.3+dfsg1-1_all.deb d4e75a99c5f4dc7431f9859c250ad891 948240 web optional wordpress-theme-twentyseventeen_5.5.3+dfsg1-1_all.deb 43a2ba131ef46b75950c1bd186d345c1 755352 web optional wordpress-theme-twentytwenty_5.5.3+dfsg1-1_all.deb 97ef1ecd586dcf858eeb4d84daaa94e9 7003388 web optional wordpress_5.5.3+dfsg1-1_all.deb 06689de25bd29f0f9b442f8891c64940 7193 web optional wordpress_5.5.3+dfsg1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAl+g9/YACgkQAiFmwP88 hOMC3xAAjTpowKWwl+xlFT0R5A/prSuefuw+9FDLFg6yJp0cIaTy9+CVKTHFcktU xNjV9dtsJ7aF1zDaKEKiRi1/CVTQyj63XmRmzzeACrFWX0lSRJSBe0msJhVKdn4U X/nRUC/M2vlFP8dQW3FJGgR6lFRM23Z1VXOJkdePTNfzAaChCB+4TkvteMDT78Pp 6Fh80FKr4zFHaQTfIxH++zMifUTYYkgNKvbVoGEgxRgF+3IQVGKGhQnvW3bIbWdq UbtTwIYxFCBMYUe5pQMYcGbakQb+6CT+dxT5Cp416qIZueO5r0h7wv6eJWsPe5/Z JFtxcyRqLt+HXG7dE+ZphohqXmKykCsRo+YSD+kj/toy8Py/A1rzseOxETni96iw K12mLLyx7cD1h+vHTUtaXnHw6TlpvBNVlfqSq2Yn2R4kKYYPpL4aoWAoNuGdD7qP mbBbpD+uXbbSKbPisE+B2RdQm1Ew8BXz0q5Lg26MMMWKaPu89wx2jrTkq5lHJnKh mTRrhtsQtkAVWyxYJilqh6Cx+fOdD6Rv4b/81RRDuIyCwH5wG5v3Ww36DJV5JIz8 WUT7O3CppUj8P7b9TcDZYcScdQE7Z2cO+sIfNPGcp8Ta/sXqRS5ZdvbQVraPlQ2H nPB5jlN5G+FaJIcojzWmTPPjXAPNElV3DGCsVxpBv+DDc/8FU3w= =utqj -----END PGP SIGNATURE-----