Subject: CVS commit: pkgsrc/www/wordpress
From: Daniel Horecki
Date: 2022-01-10 21:48:20
Message id: 20220110204820.5E123FB24@cvs.NetBSD.org

Log Message:
Security update to 5.8.3.

Changes since 5.8:

5.8.3

4 security issues affect WordPress versions between 3.7 and 5.8. If you haven't
yet updated to 5.8, all WordPress versions since 3.7 have also been updated to
fix the following security issues:

* Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing
  an issue with stored XSS through post slugs.
* Props to Simon Scannell of SonarSource for reporting an issue with Object
  injection in some multisite installations.
* Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend
  Micro Zero Day Initiative on reporting a SQL injection vulnerability in
  WP_Query.
* Props to Ben Bidner from the WordPress security team for reporting a SQL
  injection vulnerability in WP_Meta_Query.

More info on https://wordpress.org/support/wordpress-version/version-5-8-3/

5.8.2

1 security update and fixed 2 bugs.

More info on https://wordpress.org/support/wordpress-version/version-5-8-2/

5.8.1

3 security issues affect WordPress versions between 5.4 and 5.8. If you haven't
yet updated to 5.8, all WordPress versions since 5.4 have also been updated to
fix the following security issues:

* Props @mdawaffe, member of the WordPress Security Team for their work fixing a
  data exposure vulnerability within the REST API.
* Props to Michal Bentkowski of Securitum for reporting an XSS vulnerability in
  the block editor.
* The Lodash library has been updated to version 4.17.21 in each branch to
  incorporate upstream security fixes.

In addition to these issues, the security team would like to thank the following
people for reporting vulnerabilities during the WordPress 5.8 beta testing
period, allowing them to be fixed prior to release:

* Props Evan Ricafort for reporting an XSS vulnerability in the block editor
  discovered during the 5.8 release's beta period.
* Props Steve Henty for reporting a privilege escalation issue in the block editor.

More info on https://wordpress.org/support/wordpress-version/version-5-8-1/

Files:
Revision  Action  File
1.102     modify  pkgsrc/www/wordpress/Makefile
1.50      modify  pkgsrc/www/wordpress/PLIST
1.86      modify  pkgsrc/www/wordpress/distinfo