tag 852767 pending
thanks

Hello,

Bug #852767 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=f296dbb

---
commit f296dbb87731274d1c499b28fc52f2de542c1f28
Author: Craig Small <[email protected]>
Date:   Fri Jan 27 18:40:02 2017 +1100

    changelog: update to 4.7.2
    
    The CVE IDs are not known as yet.

diff --git a/debian/changelog b/debian/changelog
index 3788568..bda9430 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,13 +1,34 @@
+wordpress (4.7.2+dfsg-1) UNRELEASED; urgency=high
+
+  *  New upstream release fixes 3 security issues Closes: #852767
+     - CVE-2017-XXXX
+       The user interface for assigning taxonomy terms in Press This is
+       shown to users who do not have permissions to use it.
+     - CVE-2017-XXXX
+       WP_Query is vulnerable to a SQL injection (SQLi)
+     - CVE-2017-XXXX
+       XSS in the posts list table
+  
+ -- Craig Small <[email protected]>  Fri, 27 Jan 2017 18:29:40 +1100
+
 wordpress (4.7.1+dfsg-1) unstable; urgency=high
 
   * New upstream release fixes 8 security issues, Closes: #851310 
-    - Cryptographically Weak Pseudo-Random Number Generator
-    - Accessibility Mode Cross-Site Request Forgery (CSRF)
-    - Post via Email Checks mail.example.com by Default
+    - CVE-2017-5493
+      Cryptographically Weak Pseudo-Random Number Generator
+    - CVE-2017-5492
+      Accessibility Mode Cross-Site Request Forgery (CSRF)
+    - CVE-2017-5491
+      Post via Email Checks mail.example.com by Default
+      CVE-2017-5490
     - Stored Cross-Site Scripting (XSS) via Theme Name fallback
+      CVE-2017-5489
     - Cross-Site Request Forgery (CSRF) via Flash Upload
+      CVE-2017-5488
     - Authenticated Cross-Site scripting (XSS) in update-core.php
+      CVE-2017-5487
     - User Information Disclosure via REST API
+      CVE-2016-10066
     - Potential Remote Command Execution (RCE) in PHPMailer
 
  -- Craig Small <[email protected]>  Sat, 14 Jan 2017 09:30:12 +1100

Reply via email to