Format: 1.8
Date: Mon, 24 Oct 2022 21:17:07 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen wordpress-theme-twentytwenty wordpress-theme-twentytwentyone
Architecture: source all
Version: 5.7.8+dfsg1-0+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files
 wordpress-theme-twentytwenty - weblog manager - twentytwenty theme files
 wordpress-theme-twentytwentyone - weblog manager - twentytwentyone theme files
Closes: 1007005 1018863 1022575
Changes:
 wordpress (5.7.8+dfsg1-0+deb11u1) bullseye-security; urgency=high
 .
   * WordPress 5.7.6 backport of patches from 5.9.2
     Closes: #1007005
   * WordPress 5.7.7 backport of patches from 6.0.2
     Closes: #1018863
     - Possible link SQL injection within the Link API
     - XSS in Plugins screen
     - Output escaping issue within the_meta()
   * WordPress 5.7.8 backport of patches from 6.0.3
     Closes: #1022575
     - Stored XSS via wp-mail.php (post by email)
     - Open redirect in `wp_nonce_ays`
     - Sender’s email address is exposed in wp-mail.php
     - Media Library – Reflected XSS via SQLi
     - CSRF in wp-trackback.php
     - Stored XSS via the Customizer
     - Stored XSS in WordPress Core via Comment Editing
     - Data exposure via the REST Terms/Tags Endpoint
     - Content from multipart emails leaked
     - SQL Injection due to improper sanitization in `WP_Date_Query`
     - RSS Widget: Stored XSS issue
     - Stored XSS in the search block
     - Feature Image Block: XSS issue
     - RSS Block: Stored XSS issue
     - Fix widget block XSS