CVS commit: pkgsrc/www/wordpress

["Takahiro Kambe" <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Thu Mar 12 15:58:43 UTC 2026

Modified Files:
        pkgsrc/www/wordpress: Makefile distinfo

Log Message:
www/wordpress: update to 6.9.2

6.9.2 (2026-03-10)

This is a security release that features several fixes.

* A Blind SSRF issue reported by sibwtf, and subsequently by several other
  researchers while the fix was being worked on

* A PoP-chain weakness in the HTML API and Block Registry reported by Phat
  RiO

* A regex DoS weakness in numeric character references reported by Dennis
  Snell of the WordPress Security Team

* A stored XSS in nav menus reported by Phill Savage

* An AJAX query-attachments authorization bypass reported by Vitaly
  Simonovich

* A stored XSS via the data-wp-bind directive reported by kaminuma

* An XSS that allows overridding client-side templates in the admin area
  reported by Asaf Mozes

* A PclZip path traversal issue reported independently by Francesco Carlucci
  and kaminuma

* An authorization bypass on the Notes feature reported by kaminuma

* An XXE in the external getID3 library reported by Youssef Achtatal


To generate a diff of this commit:
cvs rdiff -u -r1.116 -r1.117 pkgsrc/www/wordpress/Makefile
cvs rdiff -u -r1.97 -r1.98 pkgsrc/www/wordpress/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/wordpress/Makefile
diff -u pkgsrc/www/wordpress/Makefile:1.116 pkgsrc/www/wordpress/Makefile:1.117
--- pkgsrc/www/wordpress/Makefile:1.116 Sun Mar  8 13:45:27 2026
+++ pkgsrc/www/wordpress/Makefile       Thu Mar 12 15:58:43 2026
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.116 2026/03/08 13:45:27 taca Exp $
+# $NetBSD: Makefile,v 1.117 2026/03/12 15:58:43 taca Exp $
 
 DISTNAME=              wordpress-${VERSION}
 PKGNAME=               ${PHP_PKG_PREFIX}-${DISTNAME}
-VERSION=               6.9.1
+VERSION=               6.9.2
 CATEGORIES=            www
 MASTER_SITES=          https://wordpress.org/
 

Index: pkgsrc/www/wordpress/distinfo
diff -u pkgsrc/www/wordpress/distinfo:1.97 pkgsrc/www/wordpress/distinfo:1.98
--- pkgsrc/www/wordpress/distinfo:1.97  Sun Mar  8 13:45:27 2026
+++ pkgsrc/www/wordpress/distinfo       Thu Mar 12 15:58:43 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.97 2026/03/08 13:45:27 taca Exp $
+$NetBSD: distinfo,v 1.98 2026/03/12 15:58:43 taca Exp $
 
-BLAKE2s (wordpress-6.9.1.tar.gz) = 1aeb5c388c17317562d256bafa124f7163615bb7813ee99c65017d02af30f58a
-SHA512 (wordpress-6.9.1.tar.gz) = 66ee4b040efadf99ca250ca9731701003bedf550d4287d6637464d45d57eb8903a1dd82bc3b009c9c9e5892a6dec04c3b73cc05311da0dc0ae6f297be8652c1d
-Size (wordpress-6.9.1.tar.gz) = 27062929 bytes
+BLAKE2s (wordpress-6.9.2.tar.gz) = 28fc69328c0405023a572395e52fe19b7530dc5e4f6630d5f43f687c83e2d5a6
+SHA512 (wordpress-6.9.2.tar.gz) = b3e9045bf29fcac57cb6e237c3959760cfb739d77698a435f0c5296f5c8a12c3160a015a231dcb3698bc18336cfed3f0ee30f546ee7ee9ea7f2f1edadb4f1962
+Size (wordpress-6.9.2.tar.gz) = 27064509 bytes