Control: tag -1 pending Hello,
Bug #987065 in SOURCENAME reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/debian/wordpress/-/commit/482426d90c4065cbb6c2f9cac342bf9d10a8f6d5 ------------------------------------------------------------------------ Security release, fixes 2 bugs Closes: #987065 - CVE-2021-29450 - Authenticated disclosure of password-protected posts and pages. - CVE-2021-29447 - Authenticated XXE attack when installation is running PHP 8 At the moment the default PHP version is 7.4 so the second bug won't trigger, but one day Debian will be using PHP 8 so let's fix it now. References: https://security-tracker.debian.org/tracker/CVE-2021-29450 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29450 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh ------------------------------------------------------------------------ (this message was generated automatically) -- Greetings https://bugs.debian.org/987065
