1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4599-1] wordpress security update

    From Sebastien Delafond@1:229/2 to All on Wed Jan 8 06:50:01 2020
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4599-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 08, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : wordpress
    CVE ID : CVE-2019-16217 CVE-2019-16218 CVE-2019-16219 CVE-2019-16220
    CVE-2019-16221 CVE-2019-16222 CVE-2019-16223 CVE-2019-16780
    CVE-2019-16781 CVE-2019-17669 CVE-2019-17671 CVE-2019-17672
    CVE-2019-17673 CVE-2019-17674 CVE-2019-17675 CVE-2019-20041
    CVE-2019-20042 CVE-2019-20043
    Debian Bug : 939543 942459 946905

    Several vulnerabilities were discovered in Wordpress, a web blogging
    tool. They allowed remote attackers to perform various Cross-Side
    Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create
    open redirects, poison cache, and bypass authorization access and
    input sanitation.

    For the stable distribution (buster), these problems have been fixed in
    version 5.0.4+dfsg1-1+deb10u1.

    We recommend that you upgrade your wordpress packages.

    For the detailed security status of wordpress please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/wordpress

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl4VbEIACgkQEL6Jg/PV nWQ02gf+J2wZhdpxWUvi8VXLjIlfT5maSOGgBDNzzmXcrBoS09uteLz+6MJ2RrLt 2AkmKzHHwjkHcrksBPai6pKxPl8kGMNvfoq3myZZSLANIpvUSIJP4ZyVFwpho8lZ KGyKqtOehDeQOo4tRZoVuGGXuPePZ69FLhsQ0o1V27t6UFHLap7vWCDquRZvMeer kZ0emVISeQeVGZyjmZ+o9V+n2BcgRFidWLw49OqRjdPb7rac/3PmunelsOkvb3a+ OvpzAvjb+78CBAl6VsX6LHKXQvjseRXtTHRRea+cxgJYreLc/M/G/NCojHkw9L8I H0nJEe6KUU+jVW4X6GKkAm01eeomTw==
    =wSuy
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)