Subject: CVS commit: [pkgsrc-2021Q4] pkgsrc/www/wordpress
From: Benny Siegert
Date: 2022-01-14 08:33:32
Message id: 20220114073332.6DFD2FB24@cvs.NetBSD.org

Log Message:
Pullup ticket #6567 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.102
- www/wordpress/PLIST                                           1.50
- www/wordpress/distinfo                                        1.86

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Mon Jan 10 20:48:20 UTC 2022

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Security update to 5.8.3.

   Changes since 5.8:

   5.8.3

   4 security issues affect WordPress versions between 3.7 and 5.8. If you
   haven't yet updated to 5.8, all WordPress versions since 3.7 have also been
   updated to fix the following security issues:

   * Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for
     disclosing an issue with stored XSS through post slugs.
   * Props to Simon Scannell of SonarSource for reporting an issue with Object
     injection in some multisite installations.
   * Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with
     Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability
     in WP_Query.
   * Props to Ben Bidner from the WordPress security team for reporting a SQL
     injection vulnerability in WP_Meta_Query.

   More info on https://wordpress.org/support/wordpress-version/version-5-8-3/

   5.8.2

   1 security update and fixed 2 bugs.

   More info on https://wordpress.org/support/wordpress-version/version-5-8-2/

   5.8.1

   3 security issues affect WordPress versions between 5.4 and 5.8. If you
   haven't yet updated to 5.8, all WordPress versions since 5.4 have also been
   updated to fix the following security issues:

   * Props @mdawaffe, member of the WordPress Security Team for their work
     fixing a data exposure vulnerability within the REST API.
   * Props to Michal Bentkowski of Securitum for reporting an XSS vulnerability
     in the block editor.
   * The Lodash library has been updated to version 4.17.21 in each branch to
     incorporate upstream security fixes.

   In addition to these issues, the security team would like to thank the
   following people for reporting vulnerabilities during the WordPress 5.8 beta
   testing period, allowing them to be fixed prior to release:

   * Props Evan Ricafort for reporting an XSS vulnerability in the block editor
     discovered during the 5.8 release's beta period.
   * Props Steve Henty for reporting a privilege escalation issue in the block
     editor.

   More info on https://wordpress.org/support/wordpress-version/version-5-8-1/

Files:
Revision    Action    file
1.101.4.1   modify    pkgsrc/www/wordpress/Makefile
1.49.4.1    modify    pkgsrc/www/wordpress/PLIST
1.85.2.1    modify    pkgsrc/www/wordpress/distinfo