Your message dated Fri, 16 Apr 2021 23:18:43 +0000
with message-id <[email protected]>
and subject line Bug#987065: fixed in wordpress 5.7.1+dfsg1-1
has caused the Debian Bug report #987065,
regarding wordpress: CVE-2021-29450: Authenticated disclosure of
password-protected posts and pages
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
987065: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987065
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wordpress
Version: 5.7+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 5.0.11+dfsg1-0+deb10u1
Hi,
The following vulnerability was published for wordpress.
CVE-2021-29450[0]:
| Wordpress is an open source CMS. One of the blocks in the WordPress
| editor can be exploited in a way that exposes password-protected posts
| and pages. This requires at least contributor privileges. This has
| been patched in WordPress 5.7.1, along with the older affected
| versions via minor releases. It's strongly recommended that you keep
| auto-updates enabled to receive the fix.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-29450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29450
[1] https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 5.7.1+dfsg1-1
Done: Craig Small <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 17 Apr 2021 08:46:05 +1000
Source: wordpress
Architecture: source
Version: 5.7.1+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Closes: 987065
Changes:
 wordpress (5.7.1+dfsg1-1) unstable; urgency=high
 .
   * Security release, fixes 2 bugs Closes: #987065
     - CVE-2021-29450 - Authenticated disclosure of password-protected
       posts and pages.
     - CVE-2021-29447 - Authenticated XXE attack when installation is
       running PHP 8
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---