-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 08 May 2024 21:45:23 +0200 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentytwentyone wordpress-theme-twentytwentythree wordpress-theme-twentytwentytwo Architecture: all Version: 6.1.6+dfsg1-0+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) Changed-By: Markus Koschany Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentytwentyone - weblog manager - twentytwentyone theme files wordpress-theme-twentytwentythree - weblog manager - twentytwentythree theme files wordpress-theme-twentytwentytwo - weblog manager - twentytwentytwo theme files Changes: wordpress (6.1.6+dfsg1-0+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload. * Fix CVE-2024-31210, CVE-2023-39999, CVE-2023-38000, CVE-2023-5561, CVE-2023-2745. Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack. Furthermore this update resolves a possible cross-site-scripting vulnerability, a PHP File Upload bypass via the plugin installer and a possible remote code execution vulnerability which requires an attacker to control all the properties of a deserialized object though. Checksums-Sha1: 6e15854431da633c6dbabbc7de06790eb3f44f7b 4369632 wordpress-l10n_6.1.6+dfsg1-0+deb12u1_all.deb c231c56734a8fdced0149474d4f0e5dc145c0c16 2580032 wordpress-theme-twentytwentyone_6.1.6+dfsg1-0+deb12u1_all.deb ed1017fc70af69465bc1ccddf14b1917f1851844 2079080 wordpress-theme-twentytwentythree_6.1.6+dfsg1-0+deb12u1_all.deb 3d46600eb4cae7bb659224cc87ed06784a4fb4f2 4323048 wordpress-theme-twentytwentytwo_6.1.6+dfsg1-0+deb12u1_all.deb 81ed8dbcf7e3ef20a339ae45f16831ae115841e0 7656 wordpress_6.1.6+dfsg1-0+deb12u1_all-buildd.buildinfo a1db65382f89af3496e588e5816a9879190cf629 7849800 wordpress_6.1.6+dfsg1-0+deb12u1_all.deb Checksums-Sha256: bd9525ee3cae9a4b669e28acfe15a13facde6b1e77b6ceca8baa66294993c4b0 4369632 wordpress-l10n_6.1.6+dfsg1-0+deb12u1_all.deb 6cf17c8a3484658b43893f5cf0b8e3b26268e962352d26836ffcf302853af0dd 2580032 wordpress-theme-twentytwentyone_6.1.6+dfsg1-0+deb12u1_all.deb 442d20b9098f3b3d5348119963a439d6604885c1d11c8836a76970134628012e 2079080 wordpress-theme-twentytwentythree_6.1.6+dfsg1-0+deb12u1_all.deb 23ea8c44ca8e4ad4cd2853b131dfb5e82657be0a41a76d5cb0b3b0c6411607de 4323048 wordpress-theme-twentytwentytwo_6.1.6+dfsg1-0+deb12u1_all.deb 3a9f9a779e8882cfd4c3e6df444e5bdf85bd58409ebf96e98a54a21e3b7c1d29 7656 wordpress_6.1.6+dfsg1-0+deb12u1_all-buildd.buildinfo 11a027d5f24d25a0b9bf2a7f127c56dd623fb4647d7a6cc6b9a4a77e9feac842 7849800 wordpress_6.1.6+dfsg1-0+deb12u1_all.deb Files: 55519732997c0eafb144e63a4b93ee3a 4369632 localization optional wordpress-l10n_6.1.6+dfsg1-0+deb12u1_all.deb 0e57820fe9f314e51e83c7634c9bf95f 2580032 web optional wordpress-theme-twentytwentyone_6.1.6+dfsg1-0+deb12u1_all.deb 7290384187b985e4cdf44b49c65e9603 2079080 web optional wordpress-theme-twentytwentythree_6.1.6+dfsg1-0+deb12u1_all.deb bb54c2ca1b09d7ae231e94e671c245f6 4323048 web optional wordpress-theme-twentytwentytwo_6.1.6+dfsg1-0+deb12u1_all.deb 60a513cadf14c9717ecff2bb9828d6c0 7656 web optional wordpress_6.1.6+dfsg1-0+deb12u1_all-buildd.buildinfo 48c76e6ba1eeb044ae40b140eceb4a8c 7849800 web optional wordpress_6.1.6+dfsg1-0+deb12u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErEDrIdpJkzFMm6K+PyQET5WCY90FAmY76jkACgkQPyQET5WC Y92WvA/8CRzDDr/J42RfpjNRe/HIIiA1WmhFPre8B+YZk/6FzGdglOpaIVvzwKXf c9MI7z4YH9YNkhOu7RIkanT1x5nXNF6Wa3zslH3TUgO2OtIx1PGqppNe9zeoXznd ALQ4iTvY6p6BRy6mDPS8Cv8sZxJCLYmz7dA3adUSqexR+U743ZqIFzYIuhmOdjrf elZ9F+P8GqpDWGGnJSpjz+v912yV8CDizS01+/WE7ibYG6suKu2XgGIz1mAcJFGj UNb1NuNgHw8mmc4t0jLJwFzSrkPMZFHQ/QT/AgrYEIWNM5jmqVrAYjG5ZiljARWL 7Q6gBziVl7p/ichK0VEEoYeW0ASFxlFJF1AX8X8lZEf3Nx5hgL9DFDqdYN6O8Uc9 gvKe8zGvDTW9KfxK6SBjsGNtFBYZlS/R8NJuHJ4LqsmTaoez2l38QKuf2aOIFNOT Ui0cASy8/s5rMQdkKoiFIDa5/gaQjXgGfEZf+0buzA776yc9DJWnHY45pjOsMmY/ dbIBX3b30C1aa+1vfVv5ONSPNFEjSL8lPpmNtXqzZB7d2X+eNjFIFbB2pHxYW76q Kx+OTIP6aQqTYzYz9EjOkK/KC/j26DzwwWyS0dhy1YYKD1Vmxa9c9Wn3+rY54LdE mTAAfN0OBPhldix5bC7mgSX697IR+38S71DrNNiWZfapFRQjXg4= =4ljH -----END PGP SIGNATURE-----