[ubuntu/lunar-proposed] wordpress 6.0.3+dfsg1-1ubuntu1 (Accepted)

Steve Langasek steve.langasek at ubuntu.com
Tue Nov 8 03:56:16 UTC 2022


wordpress (6.0.3+dfsg1-1ubuntu1) lunar; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/setup-mysql: create the user before granting privileges, and
      use mysql_native_password authentication.

wordpress (6.0.3+dfsg1-1) unstable; urgency=high

  * New security release Closes: #1022575
    - Stored XSS via wp-mail.php (post by email)
    - Open redirect in `wp_nonce_ays`
    - Sender’s email address is exposed in wp-mail.php
    - Media Library – Reflected XSS via SQLi
    - CSRF in wp-trackback.php
    - Stored XSS via the Customizer
    - Revert shared user instances introduced in 50790
    - Stored XSS in WordPress Core via Comment Editing
    - Data exposure via the REST Terms/Tags Endpoint
    - Content from multipart emails leaked
    - SQL Injection due to improper sanitization in `WP_Date_Query`
    - RSS Widget: Stored XSS issue
    - Stored XSS in the search block
    - Feature Image Block: XSS issue
    - RSS Block: Stored XSS issue
    - Fix widget block XSS

wordpress (6.0.2+dfsg1-1) unstable; urgency=medium

  * New security release Closes: #1018863
    - Possible link SQL injection within the Link API
    - XSS in Plugins screen
    - Output escaping issue within the_meta()

Date: Mon, 07 Nov 2022 19:54:18 -0800
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/wordpress/6.0.3+dfsg1-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Nov 2022 19:54:18 -0800
Source: wordpress
Built-For-Profiles: noudeb
Architecture: source
Version: 6.0.3+dfsg1-1ubuntu1
Distribution: lunar
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Closes: 1018863 1022575
Original-Maintainer: Craig Small <csmall at debian.org>

