Your message dated Mon, 07 May 2018 11:35:16 +0000
with message-id <e1ffeqg-000iu5...@fasolo.debian.org>
and subject line Bug#895034: fixed in wordpress 4.7.5+dfsg-2+deb9u3
has caused the Debian Bug report #895034,
regarding wordpress: CVE-2018-10100 CVE-2018-10101 CVE-2018-10102
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
895034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wordpress
Version: 4.9.4-1
Severity: grave
Tags: security upstream
Justification: user security hole
WordPress 4.9.5 fixes 3 security issues:

1) Don't treat localhost as same host by default.
2) Use safe redirects when redirecting the login page if SSL is forced.
3) Make sure the version string is correctly escaped for use in generator tags.

The patches are:

1) 42894 - https://core.trac.wordpress.org/changeset/42894
2) 42892 - https://core.trac.wordpress.org/changeset/42892
3) 42893 - https://core.trac.wordpress.org/changeset/42893

Sid, Buster, Stretch and Jessie all have these issues.

- Craig
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.15.0-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8),
LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 4.7.5+dfsg-2+deb9u3
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 895...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <csm...@debian.org> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 16 Apr 2018 21:05:38 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen
wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen
Architecture: source all
Version: 4.7.5+dfsg-2+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Craig Small <csm...@debian.org>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 895034
Changes:
wordpress (4.7.5+dfsg-2+deb9u3) stretch-security; urgency=high
.
* Backport security patches from 4.9.5 Closes: #895034
- CVE-2018-10101
Don't treat localhost as same host by default.
- CVE-2018-10100
Use safe redirects when redirecting login page if SSL is forced
- CVE-2018-10102
Make sure version string is correctly escaped for use in
generator tags
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---