[ubuntu/hirsute-proposed] wordpress 5.6+dfsg1-2ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Sat Jan 9 00:00:15 UTC 2021

wordpress (5.6+dfsg1-2ubuntu1) hirsute; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/setup-mysql: create the user before granting privileges, and
      use mysql_native_password authentication.

wordpress (5.6+dfsg1-2) unstable; urgency=medium

  * Removed php5 alternative dependencies as these are only in
    oldoldstable
  * source-only upload for Bullseye Closes: #977517

wordpress (5.6+dfsg1-1) unstable; urgency=medium

  * New upstream release
  * Removed theme twentyseventeen
  * Added theme twentytwentyone
  * Update to standards version 4.5.1

wordpress (5.5.3+dfsg1-1) unstable; urgency=high

  * Security release, fixes 8 bugs Closes: #973562
    - CVE-2020-28039: Protected meta that could lead to arbitrary
      file deletion.
    - CVE-2020-28035: XML-RPC privilege escalation.
    - CVE-2020-28036: XML-RPC privilege escalation.
    - CVE-2020-28032: Hardening deserialization requests.
    - CVE-2020-28037: DoS attack could lead to RCE.
    - CVE-2020-28038: Stored XSS in post slugs.
    - CVE-2020-28033: Disable spam embeds from disabled sites
      on a multisite network.
    - CVE-2020-28034: Cross-Site Scripting (XSS) via global variables.
    - CVE-2020-28040: CSRF attacks that change a theme's background image.
  * Removed TinyMCE build dependency as it's very old
  * d/dirs: Add two more language directories

wordpress (5.5.1+dfsg1-1) unstable; urgency=medium

  * New upstream release
  * Remove patch CVE-2017-8295 as it is in upstream

wordpress (5.4.2+dfsg1-1) unstable; urgency=medium

  * Security release, fixes 6 security bugs Closes: #962685
    - CVE-2020-4046
      Authenticated XSS through embed block
    - CVE-2020-4047
      Authenticated XSS via media attachment page
    - CVE-2020-4048
      Open redirect in wp_validate_redirect()
    - CVE-2020-4049
      Authenticated self-XSS via theme uploads
    - CVE-2020-4050
      'set-screen-option' filter misuse by plugins leading to privilege
      escalation
  * Prevent unmoderated comments from search engine indexation

wordpress (5.4.1+dfsg1-1) unstable; urgency=medium

  * Security release, fixes 6 security bugs Closes: #959391
    - CVE-2020-11025
      XSS vulnerability in the navigation section of Customizer allows
      JavaScript code to be executed.
    - CVE-2020-11026
      uploaded files to Media section to lead to script execution
    - CVE-2020-11027
      Password reset link does not expire
    - CVE-2020-11028
      Private posts can be found through searching by date
    - CVE-2020-11029
      XSS in stats() method in class-wp-object-cache
    - CVE-2020-11030
      Special payload can execute scripts in block editor
  * Add multi-arch tags
  * Update to standards 4.5.0

wordpress (5.4+dfsg1-1) unstable; urgency=medium

  * New upstream source
  * Remove debian.cnf call for create database Closes: #884877
  * Add note for iputils-ping required for setup-mysql. Closes: #944465
  * Themes: twentysixteen removed, twentytwenty added
  * Themes: remove conflict with ancient wordpress

Date: Fri, 08 Jan 2021 15:56:33 -0800
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/wordpress/5.6+dfsg1-2ubuntu1

Format: 1.8
Source: wordpress
Architecture: source
Version: 5.6+dfsg1-2ubuntu1
Distribution: hirsute
Urgency: high
Closes: 884877 944465 959391 962685 973562 977517
Original-Maintainer: Craig Small <csmall at debian.org>