it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5279-1] wordpress security update

From: Sebastien Delafond <seb AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5279-1] wordpress security update
Date: Tue, 15 Nov 2022 17:35:52 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; dmarc=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"
List-archive: https://lists.debian.org/msgid-search/E1ouzqi-001fe0-KO AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=wOB0wFGgIMINEDu4L/sah8GnsaS2FmuxuL0/cvzPodc=; b=QI PtN/7al48IuCJJrDhTZygnsVDMnf3cZKEgPrKfoD/4T8+7DskjoOCWjINCKZ6TacQeEL6kSJJO7dF anJ2HLYgUptSRzVYyjTYzqBGxMno7INKToJ/31jIXKzLjdUvsqpDRmGt4FaQ20XpWoaqyfXaj/nKU wAjKh+rEOqA61OSNlp/PdfFtFwdwdXqdhkl/g3VJaj/IE0ciVqWJvhPXmLQ50mHGs8gnfO2F0dPuG UwZK1emDCqNrf9rXBTe3sULyjjCq8xWSuNi5OsJU+445Znwc+TSxryDtqDqJUxRwWYhjHxluUmE48 XvfTilI6URiczFwR/zPEOfrOlyEVHzcg==;
Old-return-path: <seb AT seger.debian.org>
Priority: urgent
Resent-date: Tue, 15 Nov 2022 17:36:22 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <0FJOqk_KY7O.A.DZH.W48cjB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5279-1 security AT debian.org
https://www.debian.org/security/ Sebastien Delafond
November 15, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wordpress
Debian Bug : 1007005 1018863 1022575

Several vulnerabilities were discovered in Wordpress, a web blogging
tool. They allowed remote attackers to perform SQL injection, create
open redirects, bypass authorization access, or perform Cross-Site
Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks.

For the stable distribution (bullseye), this problem has been fixed in
version 5.7.8+dfsg1-0+deb11u1.

We recommend that you upgrade your wordpress packages.

For the detailed security status of wordpress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wordpress

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmNzzVQACgkQEL6Jg/PV
nWQM0wf/e4a7tlCxa11letnmRkSODUvOyq1/7DrzEX75Jne/PlhjeNPTgBSk5Wlz
JlQ/enK93HDu7Sy4IrVHio24s48wZs9rP+Vo2z53K6bmEsDdIkBSRlJ1YuMlNIxm
oaNKhNcy+JumXcS7u35ok7T7tIO1TBkpBZgIiEDg3MoeYN4v6E6mG6F7zTZ96Nyq
wFRHwv3huca5ptmQq1tpofVuF1hlskwiGyFKlZ9SgcIibOqKz+sNjE0Ei//ZjEX5
vHnexoBk6Mf67veB8DktFCECXK65PDuXCvbSROr1cfVzI848sY6PwgYgFSvBf5vL
F4ojg/qDFj08o5J978YeKHs0SX4bmg==
=U6JF
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5279-1] wordpress security update, Sebastien Delafond, 15.11.2022

Archiv bereitgestellt durch MHonArc 2.6.24.