-
wordpress (5.3.2+dfsg1-1ubuntu1) focal; urgency=medium
* Fix compatibility with MySQL 8.0 (LP: #1852775)
- debian/setup-mysql: create the user before granting privileges, and
use mysql_native_password authentication.
-- Marc Deslauriers <email address hidden> Mon, 27 Jan 2020 11:51:19 -0500
-
wordpress (5.3.2+dfsg1-1) unstable; urgency=high
* Fixes some important but non-security bugs.
* Thanks to Nils Radtke <email address hidden> for
their assistance.
* Version 5.3.1 is a security release, fixes several
issues Closes: #946905
- an unprivileged user could make a post sticky via the REST API.
- cross-site scripting (XSS) could be stored in well-crafted links
- hardening wp_kses_bad_protocol() to ensure that it is aware
of the named colon attribute.
- stored XSS vulnerability using block editor content.
* Fix error in CVE-2017-14990 patch where sub-sites cannot
authenticate users. Thanks Connor for your help!
-- Craig Small <email address hidden> Fri, 27 Dec 2019 15:18:07 +1100
-
wordpress (5.2.4+dfsg1-1) unstable; urgency=high
* Security release, fixes several issues Closes: #942459
- Stored XSS in the Customizer
- Viewing unauthenticated posts
- Stored XSS to inject ajavascript into style tags
- Poisoning JSON GET requests
- SSRF in URL vaidation
- Referer validation in admin screens
-- Craig Small <email address hidden> Thu, 17 Oct 2019 21:32:54 +1100
-
wordpress (5.2.2+dfsg1-1) unstable; urgency=medium
* New upstream release
-- Craig Small <email address hidden> Tue, 25 Jun 2019 21:03:42 +1000