--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2022-a2b7e4338d
2022-10-26 16:48:44.706245
--------------------------------------------------------------------------------

Name        : wordpress
Product     : Fedora EPEL 9
Version     : 6.0.3
Release     : 1.el9
URL         : http://www.wordpress.org
Summary     : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress/README.fedora
--------------------------------------------------------------------------------
Update Information:

**WordPress 6.0.3 Security Release**

Security updates included in this release

* Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
* Open redirect in `wp_nonce_ays` – devrayn
* Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
* Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
* CSRF in wp-trackback.php – Simon Scannell
* Stored XSS via the Customizer – Alex Concha from the WordPress security team
* Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
* Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
* Data exposure via the REST Terms/Tags Endpoint – Than Taintor
* Content from multipart emails leaked – Thomas Kräftner
* SQL Injection due to improper sanitization in `WP_Date_Query` – Michael Mazzolini
* RSS Widget: Stored XSS issue – Third-party security audit
* Stored XSS in the search block – Alex Concha of the WP Security team
* Feature Image Block: XSS issue – Third-party security audit
* RSS Block: Stored XSS issue – Third-party security audit
* Fix widget block XSS – Third-party security audit
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 18 2022 Remi Collet remi@remirepo.net - 6.0.3-1
- WordPress 6.0.3 Security Release
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update wordpress' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-yum.html

All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
epel-package-announce@lists.fedoraproject.org