-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Oct 2017 21:27:47 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u15
Distribution: jessie-security
Urgency: medium
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Craig Small <csm...@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentyfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 877629
Changes:
 wordpress (4.1+dfsg-1+deb8u15) jessie-security; urgency=medium
 .
   * Backport security patches from 4.8.2
     - CVE-2017-14723
       $wpdb->prepare() can create unexpected and unsafe queries leading to
       potential SQL injection (SQLi)
       Changeset 41472, 41498
     - CVE-2017-14726
       Cross-site scripting (XSS) vulnerability in the visual editor
       Changeset 41436
     - CVE-2017-14719
       Path traversal vulnerability in the file unzipping code
       Changeset 41459
     - CVE-2017-14721
       Cross-site scripting (XSS) vulnerability in the plugin editor
       Changeset 41413
     - CVE-2017-14725
       Open redirect in the user edit screens
       The term/tag edit screen does not have this issue.
       Changeset 41424
     - CVE-2017-14722
       Path traversal vulnerability in the customizer
       Changeset 41430
     - CVE-2017-14720
       Cross-site scripting (XSS) vulnerability in template names
       Changeset 41413 (same as plugin editor)
     - CVE-2017-14718
       Cross-site scripting (XSS) vulnerability in the link modal
   * Not vulnerable:
     - CVE-2017-14724
       Cross-site scripting (XSS) vulnerability in the oEmbed discovery
       oEmbed feature not present in this version
   * Hash user activation key Closes: #877629
     Fixes CVE-2017-14990
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----