Your message dated Fri, 23 Apr 2021 19:32:57 +0000
with message-id <[email protected]>
and subject line Bug#987065: fixed in wordpress 5.0.12+dfsg1-0+deb10u1
has caused the Debian Bug report #987065,
regarding wordpress: CVE-2021-29450: Authenticated disclosure of
password-protected posts and pages
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
987065: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987065
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wordpress
Version: 5.7+dfsg1-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 5.0.11+dfsg1-0+deb10u1
Hi,
The following vulnerability was published for wordpress.
CVE-2021-29450[0]:
| Wordpress is an open source CMS. One of the blocks in the WordPress
| editor can be exploited in a way that exposes password-protected posts
| and pages. This requires at least contributor privileges. This has
| been patched in WordPress 5.7.1, along with the older affected
| versions via minor releases. It's strongly recommended that you keep
| auto-updates enabled to receive the fix.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-29450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29450
[1] https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 5.0.12+dfsg1-0+deb10u1
Done: Craig Small <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 17 Apr 2021 21:02:47 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentynineteen
wordpress-theme-twentyseventeen wordpress-theme-twentysixteen
Architecture: source all
Version: 5.0.12+dfsg1-0+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentynineteen - weblog manager - twentynineteen theme files
wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 987065
Changes:
wordpress (5.0.12+dfsg1-0+deb10u1) buster-security; urgency=high
.
* Security release, fixes 2 bugs Closes: #987065
- CVE-2021-29450 - Authenticated disclosure of password-protected
posts and pages.
- CVE-2021-29447 - Authenticated XXE attack when installation is
running PHP 8
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---