-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Nov 2020 18:02:39 +1100 Source: wordpress Architecture: source Version: 5.0.11+dfsg1-0+deb10u1 Distribution: buster-security Urgency: high Maintainer: Craig Small <csmall@debian.org> Changed-By: Craig Small <csmall@debian.org> Closes: 971914 973562 Changes: wordpress (5.0.11+dfsg1-0+deb10u1) buster-security; urgency=high . * Security release, fixes 8 bugs Closes: #973562 - CVE-2020-28039: Protected meta that could lead to arbitrary file deletion. - CVE-2020-28035: XML-RPC privilege escalation. - CVE-2020-28036: XML-RPC privilege escalation. - CVE-2020-28032: Hardening deserialization requests. - CVE-2020-28037: DoS attack could lead to RCE. - CVE-2020-28038: Stored XSS in post slugs. - CVE-2020-28033: Disable spam embeds from disabled sites on a multisite network. - CVE-2020-28034: Cross-Site Scripting (XSS) via global variables. - CVE-2020-28040: CSRF attacks that change a theme's background image. * Remove duplicated changeset 45974 Closes: #971914 Checksums-Sha1: e4820375381b46020335517ed946d58ef166a9dc 2481 wordpress_5.0.11+dfsg1-0+deb10u1.dsc 393f5377f30a34e141bee96392674d0dddfe72cb 7844528 wordpress_5.0.11+dfsg1.orig.tar.xz 2d28ee9fee963d10c36613067b2f54211ba0ce88 6818260 wordpress_5.0.11+dfsg1-0+deb10u1.debian.tar.xz e3cf34ad23e5ba40e6ac83be4ce95195a9b762fb 7368 wordpress_5.0.11+dfsg1-0+deb10u1_amd64.buildinfo Checksums-Sha256: 9ea6e6f2c2cb2317dbda94baa0e6f990f32138000a9e99c4dbee65530af46925 2481 wordpress_5.0.11+dfsg1-0+deb10u1.dsc 5331feb3ba5447e4c86b6a7ebaf35ed75761856b0723da4d680d64a45386ec41 7844528 wordpress_5.0.11+dfsg1.orig.tar.xz b205064bd8f2268b93e0d885546693cc833b3a9e9523aeab54dad62c137cf8bc 6818260 wordpress_5.0.11+dfsg1-0+deb10u1.debian.tar.xz 2bffda02eae47ee378e729eac0460c1240fb7cbddded535f4104f4c69004657b 7368 wordpress_5.0.11+dfsg1-0+deb10u1_amd64.buildinfo Files: b582367e5a236bca37fc160a5c8cae7f 2481 web optional wordpress_5.0.11+dfsg1-0+deb10u1.dsc b9dde1e40049404358bf090594558e46 7844528 web optional wordpress_5.0.11+dfsg1.orig.tar.xz 9faba375a89a796e4b371850b2983735 6818260 web optional wordpress_5.0.11+dfsg1-0+deb10u1.debian.tar.xz 21c647c462bfea3103be6a1674925927 7368 web optional wordpress_5.0.11+dfsg1-0+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAl+jx2UACgkQAiFmwP88 hOO5Wg//evL37DK25tuF71R0NAn43KtMLds+SFE9/xft7NYijVPA0zpVcBkeb7KX hsOZlXepvBFvXxtu83PCsGlteCBvkE3I4cx/q0nWFKpPpDZN4lBeaRgIKEXaY3iS kDzSjl2G9CpIdZVz4kSTOGt3likeMvUvgpWToX9bT0qluJfhCrDv7VjXnzMjylWz i1r9uhNGYfuW6gLHUbxLTtTT1AAL2frSy/b2KfothJbUQrBLiuLVsZ9BP/eeoaUJ E6NPFB0PEBsb8IBdrfmjgHkilXTIyRlxbpb8dwY07b4BdQWGnK4pHmRB/jqaEoq9 k6W7dUeUukZq4D8k9FAD6mEZP6sVce104N+RRbUHrjSj3YB/sWdV/l43+7vXT5/9 OBgJy9xGzbeOKqC01lArVj1hBepK9T7dXY5+xMJSn9w/jcZhuHGBoBoD0rui1iIP GTnY6Q3+rthcHDW3x4zy/xK07knhGCbzjktKIZr4Fgt0xyx+aZi+RyDBE8gEeuOj xoBggye+dNVmClJKzWZOlhTSu/7qFGbQjK/V7EPLmk8+73xkNQhgPY50SKcDCuiJ 9pheEQJQtn7xuDIztsVmQTqWLNS/S07W+1dMIoBY05YjJ4ZCbhDNBdtZKeomUeSm wBCvsEj2b3nTp7QnjZMddd7BWniehY+wDmP1FloWMh0FfHe2ccY= =J/wJ -----END PGP SIGNATURE-----