Hi, On Fri, Jan 08, 2016 at 09:46:46PM +1100, Craig Small wrote: > Source: wordpress > Version: 4.4 > Severity: important > Tags: security upstream > > Wordpress 4.4.1 is out with the following message[1] > > WordPress 4.4.1 is now available. This is a security release for all > previous versions and we strongly encourage you to update your sites > immediately. > > WordPress versions 4.4 and earlier are affected by a cross-site > scripting vulnerability that could allow a site to be compromised. This > was reported by Crtc4L. > > sid will be easy as its an upgrade to 4.4.1 I'm having trouble figuring > out what changeset is the relevant one. Without that, I cannot pass the > the one changeset out of the 40 or 50 down to the other dists.
CVE-2016-1564 has been assigned for issue. The relevant change should be https://core.trac.wordpress.org/changeset/36185 . Regards, Salvatore
