Format: 1.8
Date: Sun, 29 Jan 2017 08:53:11 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u12
Distribution: jessie-security
Urgency: high
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Craig Small <csm...@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 851310 852767
Changes:
 wordpress (4.1+dfsg-1+deb8u12) jessie-security; urgency=high
 .
   * Backport patches from 4.7.1 Closes: #851310
     - CVE-2016-10066 Potential Remote Command Execution (RCE) in PHPMailer
     - CVE-2017-5488 Authenticated Cross-Site scripting (XSS) in update-core.php
     - CVE-2017-5490 Stored Cross-Site Scripting (XSS) via Theme Name fallback
     - CVE-2017-5491 Post via Email Checks mail.example.com by Default
     - CVE-2017-5492 Accessibility Mode Cross-Site Request Forgery (CSRF)
     - CVE-2017-5493 Cryptographically Weak Pseudo-Random Number Generator
     - CVE-2017-5489 Cross-Site Request Forgery (CSRF) via Flash Upload
       Changesets 39838 and 39857, thanks Seb <s...@debian.org>
   * Backport patches from 4.7.2 Closes: #852767
     - CVE-2017-5610 The user interface for assigning taxonomy terms in Press
       This is shown to users who do not have permissions to use it.
       Changeset 39976
     - CVE-2017-5611 WP_Query is vulnerable to a SQL injection (SQLi)
       Changeset 39962
     - CVE-2017-5612 XSS in the posts list table
       Changeset 39985
   * Not vulnerable
     - CVE-2017-5487 User Information Disclosure via REST API
       - API doesn't exist