-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 8 May 2024 22:45:06 CEST Source: wordpress Architecture: source Version: 6.1.6+dfsg1-0+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Craig Small <csmall@debian.org> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: 54a861766ad074991510da3d6f1839c5ec2334b2 2587 wordpress_6.1.6+dfsg1-0+deb12u1.dsc d329fbe06e23fcf9e7816f4888081e0aa79c21d9 22826125 wordpress_6.1.6+dfsg1.orig.tar.gz e35ef3aa07f3770c5cb5a3f171c92656ac02b303 6879016 wordpress_6.1.6+dfsg1-0+deb12u1.debian.tar.xz 767ff605ebafea134e488e8ea66c440c5ae14da4 8227 wordpress_6.1.6+dfsg1-0+deb12u1_amd64.buildinfo Checksums-Sha256: 95e123841e2787532f7bdd6d458073878eb206c28c07d9e995b667eeb9a3bf31 2587 wordpress_6.1.6+dfsg1-0+deb12u1.dsc fc112fa431c1d948418d2a1a1f190f9206e8cee7c386a2e4e1e173916c8d0eb6 22826125 wordpress_6.1.6+dfsg1.orig.tar.gz 708348759b4df3cdc08718b7bb33f41252774a0a49f535d4cd3cbbdd1f1cc2b5 6879016 wordpress_6.1.6+dfsg1-0+deb12u1.debian.tar.xz 22a0adec9987860ad8d567592236d69254670ae03e4beac21862790ea356351c 8227 wordpress_6.1.6+dfsg1-0+deb12u1_amd64.buildinfo Changes: wordpress (6.1.6+dfsg1-0+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload. * Fix CVE-2024-31210, CVE-2023-39999, CVE-2023-38000, CVE-2023-5561, CVE-2023-2745. Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack. Furthermore this update resolves a possible cross-site-scripting vulnerability, a PHP File Upload bypass via the plugin installer and a possible remote code execution vulnerability which requires an attacker to control all the properties of a deserialized object though. Files: 4d907a8571d12c2d6d5ae20d576f898e 2587 web optional wordpress_6.1.6+dfsg1-0+deb12u1.dsc 095ef04743ba9041bfa7527ac0a997a0 22826125 web optional wordpress_6.1.6+dfsg1.orig.tar.gz 2c8f861652fc908f9c82c44dc70109a8 6879016 web optional wordpress_6.1.6+dfsg1-0+deb12u1.debian.tar.xz 245bcb9988e31543e9c0d42fe0b21dc0 8227 web optional wordpress_6.1.6+dfsg1-0+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmY75PpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkubUP/0alwB69baeR+vJUXjsgFgWLukSPECgtgbFX jHn1hE6xBxu1/3MqmU3f1Yq+WHXdqSJjC4pnWgFJGa1GszxBAeuFOpyGrKLngHT5 MCyDZHrStfw0d0oGxCb8lDBRRGm5CwfvFWfMTL3x5ZBnVstA0BXo+rQKag+wqvHc YL939bXQtoUJ1Tt3XB+5BR2DwysLAYV0AhaZOn+AiH+xnY/zDW6ByzwBAB/93l15 bzeorfp9iSV493JvbgmsbH0odo2dCP1jyg2ggaeAwWyXr3YPcV3A+3ZeKIUzYJ01 6ZbJZF3rA0693hqRpa+acZqCAjbdQ1eRjQq4qJgzqUfGAZXa1Ujol54dyomqlrT1 PobjFu+nrn/5D3PghzVRyGow5NWLq8r0FFdq6vBIS06SoVYhhsGf79cMUJQExE4h WvhsijDl7WnmTwab8TTw2mlFXzsnmy5Ys/pVJWXE0zQcJ6pfuacckmO1rvpBNPU6 d/pcBqz/U1d/oolKB0MT4NpTVg8e5Rw/kRNn870xbXuUiKGlepCCPpjQoc7XBvmg TMurxHvEleVdbNYaY+Vv/jBxz8GzkAuwO+x+M/LAjtkxZ+4HhD1QaojW62Ljaw+E nGxtnAZC9BMSGq7X/lQSNiqtxxtXzbdY5uHg632jSqwBgAgxj1w1wkDDowDI/WEw pMzFFmdK =O9vf -----END PGP SIGNATURE-----