Back to wordpress PTS page

Accepted wordpress 3.6.1+dfsg-1~deb7u12 (source all) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted wordpress 3.6.1+dfsg-1~deb7u12 (source all) into oldstable
From: Markus Koschany <apo@debian.org>
Date: Thu, 22 Sep 2016 19:40:13 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1bn9qv-0001ZB-R6@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 22 Sep 2016 21:26:43 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb7u12
Distribution: wheezy-security
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Changes: 
 wordpress (3.6.1+dfsg-1~deb7u12) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Backport security fixes to Wheezy.
   * CVE-2015-8834:
     Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in
     WordPress before 4.2.2 allows remote attackers to inject arbitrary web
     script or HTML via a long comment that is improperly stored because of
     limitations on the MySQL TEXT data type. NOTE: this vulnerability exists
     because of an incomplete fix for CVE-2015-3440
   * CVE-2016-4029:
     WordPress before 4.5 does not consider octal and hexadecimal IP address
     formats when determining an intranet address, which allows remote attackers
     to bypass an intended SSRF protection mechanism via a crafted address.
   * CVE-2016-5836:
     The oEmbed protocol implementation in WordPress before 4.5.3 allows remote
     attackers to cause a denial of service via unspecified vectors.
   * CVE-2016-6634:
     Cross-site scripting (XSS) vulnerability in the network settings page in
     WordPress before 4.5 allows remote attackers to inject arbitrary web script
     or HTML via unspecified vectors.
   * CVE-2016-6635:
     Cross-site request forgery (CSRF) vulnerability in the
     wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php
     in WordPress before 4.5 allows remote attackers to hijack the
     authentication of administrators for requests that change the script
     compression option.
   * CVE-2016-7168:
     Fix a cross-site scripting vulnerability via image filename.
   * CVE-2016-7169:
     Fix a path traversal vulnerability in the upgrade package uploader.
Checksums-Sha1: 
 034029e9bc64d9fd16b275ac904c03037378dfec 2459 wordpress_3.6.1+dfsg-1~deb7u12.dsc
 46f9f94fa54d0194d04399bded2f632a46351a99 5226576 wordpress_3.6.1+dfsg-1~deb7u12.debian.tar.xz
 c3766d629a76d5aa949f2950898336caac0629a1 3984206 wordpress_3.6.1+dfsg-1~deb7u12_all.deb
 23c76b68728ab2ba892ceb706ca8800aa6426909 8871308 wordpress-l10n_3.6.1+dfsg-1~deb7u12_all.deb
Checksums-Sha256: 
 2ec70424c52dd325734b2a1254d86864b152a61fc78f6dad50edb478890713ea 2459 wordpress_3.6.1+dfsg-1~deb7u12.dsc
 ff532e7959e258a60e0324adcbd49f4d686875686c3d628adf6bdc9deb865263 5226576 wordpress_3.6.1+dfsg-1~deb7u12.debian.tar.xz
 8d720a36f87eda837bf6d8a3ca33b2fa5735d302ad4a0b9d1076f295cffcfb7a 3984206 wordpress_3.6.1+dfsg-1~deb7u12_all.deb
 09d3513c2d14f14c2fef72e6129e4111b2b247a3bfc027d5f731efcb1718dfb4 8871308 wordpress-l10n_3.6.1+dfsg-1~deb7u12_all.deb
Files: 
 b7b5f7cf6d43674950042004eb191c77 2459 web optional wordpress_3.6.1+dfsg-1~deb7u12.dsc
 2b3edb1c15cef5713f3cbbc18050174d 5226576 web optional wordpress_3.6.1+dfsg-1~deb7u12.debian.tar.xz
 eb14e0266e5a654a3ce8268d4821e37e 3984206 web optional wordpress_3.6.1+dfsg-1~deb7u12_all.deb
 ad268d51432befe72f0faf2ce9b0903a 8871308 localization optional wordpress-l10n_3.6.1+dfsg-1~deb7u12_all.deb

-----BEGIN PGP SIGNATURE-----

iQKMBAEBCgB2BQJX5DI0XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0DxxhcG9AZGViaWFuLm9yZwAKCRDZrRS5UTtR5NcZD/0Z
gIq8FKpw2cCjkB5x22/51MOVTXXIWtUN8UudBk2+zy7oPp2MJN5imDu2Ro7Z07ng
PB7v9bqLNZwHf7G0rdjtcf5JNsN5c0eEgTkWTqRNuqrNBbmyap8Lj6WVCsuY+5S+
/s8xEjuz/67iPKLeGw8DCNCdwYJ0/vahFW6/H1QKG8mWHq91O6kjrPkAY+ErB+Jx
U8ewSGuelirgPPSkH/U2uTfptd5n91P4VQlIWyH7A+pMoj2JWBW7lnKizwcVrMjV
0CfzRHmEWWQqngb7QLVwGrvX34RC3SplbefcLQKnIZS3NLko9ZLRG0acYbQXJjhR
ZqwCToF0SknO03NnIRic7eNrGUW7eBWy5D9vFV7kqRnQXhzK0bqFjdL1iVER2Hsp
x0WriHPS0w3W9JmywZnxwOjYD07C5JJyVp5G94VrH476mwOnPJ72oFqXkB93mPFm
3vXjAtiUjkYzYACHz+TObDmo8kFsMOT7fxWGLkEk6kV518NYLPN5xRRhCFR78Dyo
fFEjaPrcVvodC7wdxDWa9g/dD1GCZ9gfGXmgiu1i1X84XVn7m7+SHXJ1GKXgcxc8
d1isC5Q3U9BkWT4nuHVft54fr/BME/cee2QsNQgukUV16y04AAAp3S3DmoEwJSKt
ZMz/OInCRPBRyzdBX6uHgqtaEprIJPbs1AfcywuFBA==
=f5ie
-----END PGP SIGNATURE-----