FEDORA-2019-e16ba9e54e created by remi 9 months ago for Fedora 31
stable

WordPress 5.3.2 Maintenance Release

Shortly after WordPress 5.3.1 was released, a couple of high severity Trac tickets were opened. The Core team scheduled this quick maintenance release to resolve these issues.

Main issues addressed in 5.3.2:

  • Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
  • Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
  • Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
  • Administration: Fix the colors in all color schemes for buttons with the .active class.
  • Posts, Post Types: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

See: WordPress 5.3.1 Security and Maintenance Release

Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues.

  • Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
  • Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
  • Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
  • Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

How to install

sudo dnf upgrade --advisory=FEDORA-2019-e16ba9e54e

This update has been submitted for testing by remi.

9 months ago

This update's test gating status has been changed to 'waiting'.

9 months ago

This update has obsoleted wordpress-5.3.1-1.fc31, and has inherited its bugs and notes.

9 months ago

This update's test gating status has been changed to 'ignored'.

9 months ago

This update has been pushed to testing.

9 months ago

This update's test gating status has been changed to 'greenwave_failed'.

9 months ago

This update's test gating status has been changed to 'ignored'.

9 months ago

This update's test gating status has been changed to 'ignored'.

9 months ago

This update can be pushed to stable now if the maintainer wishes

9 months ago

This update has been submitted for stable by bodhi.

9 months ago

This update's test gating status has been changed to 'greenwave_failed'.

9 months ago

This update's test gating status has been changed to 'ignored'.

9 months ago

FEDORA-2019-e16ba9e54e ejected from the push because "Cannot find relevant tag for wordpress-5.3.2-1.fc31. None of ['f31-updates', 'f31-updates-pending'] are in ['dist-6E-epel-testing', 'epel7-testing', 'dist-5E-epel-testing', 'f27-modular-updates-testing', 'f30-modular-updates-testing', 'f30-container-updates-testing', 'f30-flatpak-updates-testing', 'f28-modular-updates-testing', 'f28-container-updates-testing', 'epel8-testing', 'f31-modular-updates-testing', 'f32-container-updates-testing', 'f31-container-updates-testing', 'f31-flatpak-updates-testing', 'f29-modular-updates-testing', 'f29-container-updates-testing', 'f29-flatpak-updates-testing', 'f22-updates-testing', 'f21-updates-testing', 'f25-updates-testing', 'f24-updates-testing', 'f23-updates-testing', 'f26-updates-testing', 'f27-updates-testing', 'f30-updates-testing', 'f28-updates-testing', 'f31-updates-testing', 'f32-updates-testing', 'f29-updates-testing', 'epel8-modular-updates-testing']."

8 months ago

FEDORA-2019-e16ba9e54e ejected from the push because "Cannot find relevant tag for wordpress-5.3.2-1.fc31. None of ['f31-updates', 'f31-updates-pending'] are in ['dist-6E-epel-testing', 'epel7-testing', 'dist-5E-epel-testing', 'f27-modular-updates-testing', 'f30-modular-updates-testing', 'f30-container-updates-testing', 'f30-flatpak-updates-testing', 'f28-modular-updates-testing', 'f28-container-updates-testing', 'epel8-testing', 'f31-modular-updates-testing', 'f32-container-updates-testing', 'f31-container-updates-testing', 'f31-flatpak-updates-testing', 'f29-modular-updates-testing', 'f29-container-updates-testing', 'f29-flatpak-updates-testing', 'f22-updates-testing', 'f21-updates-testing', 'f25-updates-testing', 'f24-updates-testing', 'f23-updates-testing', 'f26-updates-testing', 'f27-updates-testing', 'f30-updates-testing', 'f28-updates-testing', 'f31-updates-testing', 'f32-updates-testing', 'f29-updates-testing', 'epel8-modular-updates-testing']."

8 months ago

This update has been pushed to stable.

8 months ago


Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days
Dates
submitted: 9 months ago
in testing: 9 months ago
in stable: 8 months ago
