-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : wordpress Version : 3.6.1+dfsg-1~deb7u18 CVE ID : CVE-2017-16510 Debian Bug : 880528
WordPress, a web blogging tool, was affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. For Debian 7 "Wheezy", these problems have been fixed in version 3.6.1+dfsg-1~deb7u18. We recommend that you upgrade your wordpress packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAln+HbVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQ1LhAAx5Om+zfvxRBYTUQueVy2DpHi3hGEF0S5EVYLJtqnwyafHmW1T8xy/O/k ucxW1ZdnHIr/yMGw58iISLoG//JlBPhNvw37uWuPxPPXQYSpR+widhPwjMdNNepD eQ8cWwy/Ywzx8exUlY/5YW+SjoO5BHwsZSZd8KtwuY4XKlUlaYyK/0omyTnB5hjK zix0SILKwojpMCjw25UKXkVx5Nk+kERIBdUOzs0inKIKXKrlzid+XJUj1hmsukhu Ic8NtcFiUMmvNuLmL3kg+dyUA4exZ2+fvcB6Md8YMdK/gjqVXuz2x5ZZXodxFbE3 IMOl08HuSU4caVsKjMIVrj0PI8aAhaiGopv5FkmvKlLWowUTta31Zy1YqD534/Ut /iOTx9G6jwsDnAUzWX9KTMg6c1EhVLm6aMFuyMhLHrE/hWYrI84Ior1TeOYeY8Ad J4ofHxFSmdB8CF4zR+n5g3IMBk3+pmmtQNK4QHb7nHVFHPTBcQXiPO/uyWDCR88i TJKXXwhxNYTsmQJ5rU5opzp1bC6ENkwvkPxeQMP5+va3+6RmG4eqSw6gZuXg0RLi SnmgjnNbgJrDLPsE/0SpAej9pgHjoHYzADcOZLulwtoVP3dOpp1qlmdxp8V7L/hW /vm8CHSP+EybFfh7FwZUDmmOtaKA9cT0SKlNR9OqYGJs4+F2roI= =Lxja -----END PGP SIGNATURE-----
