Change logs for wordpress source package in Hirsute

  • wordpress (5.6+dfsg1-2ubuntu1) hirsute; urgency=low
    
      * Merge from Debian unstable. Remaining changes:
        - debian/setup-mysql: create the user before granting privileges, and
          use mysql_native_password authentication.
    
    wordpress (5.6+dfsg1-2) unstable; urgency=medium
    
      * Removed php5 alternative dependencies as these are only in
        oldoldstable
      * source-only upload for Bullseye Closes: #977517
    
    wordpress (5.6+dfsg1-1) unstable; urgency=medium
    
      * New upstream release
      * Removed theme twentyseventeen
      * Added theme twentytwentyone
      * Update to standards version 4.5.1
    
    wordpress (5.5.3+dfsg1-1) unstable; urgency=high
    
      * Security release, fixes 8 bugs Closes: #973562
         - CVE-2020-28039: Protected meta that could lead to arbitrary
                           file deletion.
         - CVE-2020-28035: XML-RPC privilege escalation.
         - CVE-2020-28036: XML-RPC privilege escalation.
         - CVE-2020-28032: Hardening deserialization requests.
         - CVE-2020-28037: DoS attack could lead to RCE.
         - CVE-2020-28038: Stored XSS in post slugs.
         - CVE-2020-28033: Disable spam embeds from disabled sites
                           on a multisite network.
         - CVE-2020-28034: Cross-Site Scripting (XSS) via global variables.
         - CVE-2020-28040: CSRF attacks that change a theme's background image.
      * Removed TinyMCE build dependency as it's very old
      * d/dirs: Add two more language directories
    
    wordpress (5.5.1+dfsg1-1) unstable; urgency=medium
    
      * New upstream release
      * Remove patch CVE-2017-8295 as it is in upstream
    
    wordpress (5.4.2+dfsg1-1) unstable; urgency=medium
    
      * Security release, fixes 6 security bugs Closes: #962685
        - CVE-2020-4046
          Authenticated XSS through embed block
        - CVE-2020-4047
          Authenticated XSS via media attachment page
        - CVE-2020-4048
          Open redirect in wp_validate_redirect()
        - CVE-2020-4049
          Authenticated self-XSS via theme uploads
        - CVE-2020-4050
          'set-screen-option' filter misuse by plugins leading to privilege
          escalation
      * Prevent unmoderated comments from search engine indexation
    
    wordpress (5.4.1+dfsg1-1) unstable; urgency=medium
    
      * Security release, fixes 6 security bugs Closes: #959391
        - CVE-2020-11025
          XSS vulnerability in the navigation section of Customizer allows
          JavaScript code to be executed.
        - CVE-2020-11026
          uploaded files to Media section can lead to script execution
        - CVE-2020-11027
          Password reset link does not expire
        - CVE-2020-11028
          Private posts can be found through searching by date
        - CVE-2020-11029
          XSS in stats() method in class-wp-object-cache
        - CVE-2020-11030
          Special payload can execute scripts in block editor
      * Add multi-arch tags
      * Update to standards 4.5.0
    
    wordpress (5.4+dfsg1-1) unstable; urgency=medium
    
      * New upstream source
      * Remove debian.cnf call for create database Closes: #884877
      * Add note for iputils-ping required for setup-mysql. Closes: #944465
      * Themes: twentysixteen removed, twentytwenty added
      * Themes: remove conflict with ancient wordpress
    
     -- Steve Langasek <email address hidden>  Fri, 08 Jan 2021 15:56:33 -0800
  • wordpress (5.3.2+dfsg1-1ubuntu1) focal; urgency=medium
    
      * Fix compatibility with MySQL 8.0 (LP: #1852775)
        - debian/setup-mysql: create the user before granting privileges, and
          use mysql_native_password authentication.
    
     -- Marc Deslauriers <email address hidden>  Mon, 27 Jan 2020 11:51:19 -0500