tag 852767 pending
thanks
Hello,
Bug #852767 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=f296dbb
---
commit f296dbb87731274d1c499b28fc52f2de542c1f28
Author: Craig Small <[email protected]>
Date: Fri Jan 27 18:40:02 2017 +1100
changelog: update to 4.7.2
The CVE IDs are not known as yet.
diff --git a/debian/changelog b/debian/changelog
index 3788568..bda9430 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,13 +1,34 @@
+wordpress (4.7.2+dfsg-1) UNRELEASED; urgency=high
+
+ * New upstream release fixes 3 security issues Closes: #852767
+ - CVE-2017-XXXX
+ The user interface for assigning taxonomy terms in Press This is
+ shown to users who do not have permissions to use it.
+ - CVE-2017-XXXX
+ WP_Query is vulnerable to a SQL injection (SQLi)
+ - CVE-2017-XXXX
+ XSS in the posts list table
+
+ -- Craig Small <[email protected]> Fri, 27 Jan 2017 18:29:40 +1100
+
wordpress (4.7.1+dfsg-1) unstable; urgency=high
* New upstream release fixes 8 security issues, Closes: #851310
- - Cryptographically Weak Pseudo-Random Number Generator
- - Accessibility Mode Cross-Site Request Forgery (CSRF)
- - Post via Email Checks mail.example.com by Default
+ - CVE-2017-5493
+ Cryptographically Weak Pseudo-Random Number Generator
+ - CVE-2017-5492
+ Accessibility Mode Cross-Site Request Forgery (CSRF)
+ - CVE-2017-5491
+ Post via Email Checks mail.example.com by Default
+ CVE-2017-5490
- Stored Cross-Site Scripting (XSS) via Theme Name fallback
+ CVE-2017-5489
- Cross-Site Request Forgery (CSRF) via Flash Upload
+ CVE-2017-5488
- Authenticated Cross-Site scripting (XSS) in update-core.php
+ CVE-2017-5487
- User Information Disclosure via REST API
+ CVE-2016-10066
- Potential Remote Command Execution (RCE) in PHPMailer
-- Craig Small <[email protected]> Sat, 14 Jan 2017 09:30:12 +1100