Your message dated Sat, 20 Jan 2018 07:51:26 +0000
with message-id <[email protected]>
and subject line Bug#887596: fixed in wordpress 4.9.2+dfsg-1
has caused the Debian Bug report #887596,
regarding wordpress: CVE-2018-5776: XSS vulnerability in MediaElement
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
887596: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887596
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wordpress
Version: 4.9.1+dfsg-1
Severity: grave
Tags: security
Justification: user security hole
An XSS vulnerability was discovered in the Flash fallback files in
MediaElement, a library that is included with WordPress. Because the Flash
files are no longer needed for most use cases, they have been removed from
WordPress.

I'm not 100% sure of how bad this is for Debian packages as a lot of
flash items are removed, but it could be still possibly triggered by
the JavaScript around it (this is where the patches seem to be).

This impacts all versions back to 3.7.

References:
https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
https://wpvulndb.com/vulnerabilities/9006
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.14.0-3-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8),
LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 4.9.2+dfsg-1
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 Jan 2018 18:02:18 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen
wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen
Architecture: source all
Version: 4.9.2+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentyfifteen - weblog manager - twentyfifteen theme files
wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 887596
Changes:
wordpress (4.9.2+dfsg-1) unstable; urgency=high
.
* New upstream security release Closes: #887596
and resolves CVE-2018-5776
* Update standards version to 4.1.3 - no change
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---