Debian
wordpress package

wordpress 6.0.3+dfsg1-1 source package in Debian

Changelog

wordpress (6.0.3+dfsg1-1) unstable; urgency=high

  * New security release Closes: #1022575
    - Stored XSS via wp-mail.php (post by email)
    - Open redirect in `wp_nonce_ays`
    - Sender’s email address is exposed in wp-mail.php
    - Media Library – Reflected XSS via SQLi
    - CSRF in wp-trackback.php
    - Stored XSS via the Customizer
    - Revert shared user instances introduced in 50790
    - Stored XSS in WordPress Core via Comment Editing
    - Data exposure via the REST Terms/Tags Endpoint
    - Content from multipart emails leaked
    - SQL Injection due to improper sanitization in `WP_Date_Query`
    - RSS Widget: Stored XSS issue
    - Stored XSS in the search block
    - Feature Image Block: XSS issue
    - RSS Block: Stored XSS issue
    - Fix widget block XSS

 -- Craig Small <email address hidden>  Mon, 24 Oct 2022 21:10:11 +1100

Upload details

Uploaded by:
Craig Small
Uploaded to:
Sid
Original maintainer:
Craig Small
Architectures:
all
Section:
web
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
wordpress_6.0.3+dfsg1-1.dsc 2.3 KiB d4c403fda1a7396d2a8350afb37e8326df8e61b27846ac092478dd451b1a39ca
wordpress_6.0.3+dfsg1.orig.tar.xz 14.8 MiB 5f10b256f9072d35a4cb241a804610026d804d5bb448fcd99590d63cce03dd7a
wordpress_6.0.3+dfsg1-1.debian.tar.xz 6.5 MiB b322f85cb4bf966da6398507abe3f5da069d7441eae153ee5395a9a421cb1c32

No changes file available.

Binary packages built by this source