Your message dated Fri, 13 Jan 2017 23:07:13 +0000
with message-id <e1csawd-0002fg...@fasolo.debian.org>
and subject line Bug#851310: fixed in wordpress 4.7.1+dfsg-1
has caused the Debian Bug report #851310,
regarding wordpress: Eight security issues in wordpress 4.7
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
851310: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wordpress
Version: 4.7+dfsg-2
Severity: grave
Tags: upstream security
Justification: user security hole

There are a bunch of security holes in wordpress 4.7. Eight! security
issues!

The best summary of them is at [1] which lists them as:


WordPress 4.3-4.7 - Potential Remote Command Execution (RCE) in PHPMailer
WordPress 4.7 - User Information Disclosure via REST API
WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
WordPress 4.7 - Cross-Site Request Forgery (CSRF) via Flash Upload
WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Wordpress 4.7.1 apparently fixes them.[2]

Sigh.

1: https://wpvulndb.com/wordpresses
2: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 4.7.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 851...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csm...@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 14 Jan 2017 09:30:12 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen
Architecture: source all
Version: 4.7.1+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Craig Small <csm...@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 851310
Changes:
 wordpress (4.7.1+dfsg-1) unstable; urgency=high
 .
   * New upstream release fixes 8 security issues, Closes: #851310
     - Cryptographically Weak Pseudo-Random Number Generator
     - Accessibility Mode Cross-Site Request Forgery (CSRF)
     - Post via Email Checks mail.example.com by Default
     - Stored Cross-Site Scripting (XSS) via Theme Name fallback
     - Cross-Site Request Forgery (CSRF) via Flash Upload
     - Authenticated Cross-Site scripting (XSS) in update-core.php
     - User Information Disclosure via REST API
     - Potential Remote Command Execution (RCE) in PHPMailer

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
