I had a similar query from the security team. I think you are looking for changeset 37798. I got a security update but waiting on the team.
I cannot see why 4.1.12 doesn't have this. https://core.trac.wordpress.org/changeset/37798 - Craig On Tue, Jul 26, 2016 at 4:42 PM Markus Koschany <a...@debian.org> wrote: > Hi Craig, > > I have prepared a security update for Wordpress in Wheezy and pushed my > work to > > > https://anonscm.debian.org/cgit/collab-maint/wordpress.git/commit/?h=wheezy&id=d1f7bfa1d5109509bb4ab7ab23d0e7e7dc8736cc > > I intend to release it soon but I haven't found the changeset / fix for > CVE-2016-5836 yet. Do you have any idea where can I find more > information about that? Your update for Jessie doesn't seem to include > it. I looked at the diff between 4.5.2 and 4.5.3 and could find some > changes regarding oEmbed but I would appreciate another confirmation. > > Regards, > > Markus > >