Accepted wordpress 3.6.1+dfsg-1~deb7u12 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 22 Sep 2016 21:26:43 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb7u12
Distribution: wheezy-security
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
Changes:
wordpress (3.6.1+dfsg-1~deb7u12) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Backport security fixes to Wheezy.
* CVE-2015-8834:
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in
WordPress before 4.2.2 allows remote attackers to inject arbitrary web
script or HTML via a long comment that is improperly stored because of
limitations on the MySQL TEXT data type. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2015-3440
* CVE-2016-4029:
WordPress before 4.5 does not consider octal and hexadecimal IP address
formats when determining an intranet address, which allows remote attackers
to bypass an intended SSRF protection mechanism via a crafted address.
* CVE-2016-5836:
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote
attackers to cause a denial of service via unspecified vectors.
* CVE-2016-6634:
Cross-site scripting (XSS) vulnerability in the network settings page in
WordPress before 4.5 allows remote attackers to inject arbitrary web script
or HTML via unspecified vectors.
* CVE-2016-6635:
Cross-site request forgery (CSRF) vulnerability in the
wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php
in WordPress before 4.5 allows remote attackers to hijack the
authentication of administrators for requests that change the script
compression option.
* CVE-2016-7168:
Fix a cross-site scripting vulnerability via image filename.
* CVE-2016-7169:
Fix a path traversal vulnerability in the upgrade package uploader.
Checksums-Sha1:
034029e9bc64d9fd16b275ac904c03037378dfec 2459 wordpress_3.6.1+dfsg-1~deb7u12.dsc
46f9f94fa54d0194d04399bded2f632a46351a99 5226576 wordpress_3.6.1+dfsg-1~deb7u12.debian.tar.xz
c3766d629a76d5aa949f2950898336caac0629a1 3984206 wordpress_3.6.1+dfsg-1~deb7u12_all.deb
23c76b68728ab2ba892ceb706ca8800aa6426909 8871308 wordpress-l10n_3.6.1+dfsg-1~deb7u12_all.deb
Checksums-Sha256:
2ec70424c52dd325734b2a1254d86864b152a61fc78f6dad50edb478890713ea 2459 wordpress_3.6.1+dfsg-1~deb7u12.dsc
ff532e7959e258a60e0324adcbd49f4d686875686c3d628adf6bdc9deb865263 5226576 wordpress_3.6.1+dfsg-1~deb7u12.debian.tar.xz
8d720a36f87eda837bf6d8a3ca33b2fa5735d302ad4a0b9d1076f295cffcfb7a 3984206 wordpress_3.6.1+dfsg-1~deb7u12_all.deb
09d3513c2d14f14c2fef72e6129e4111b2b247a3bfc027d5f731efcb1718dfb4 8871308 wordpress-l10n_3.6.1+dfsg-1~deb7u12_all.deb
Files:
b7b5f7cf6d43674950042004eb191c77 2459 web optional wordpress_3.6.1+dfsg-1~deb7u12.dsc
2b3edb1c15cef5713f3cbbc18050174d 5226576 web optional wordpress_3.6.1+dfsg-1~deb7u12.debian.tar.xz
eb14e0266e5a654a3ce8268d4821e37e 3984206 web optional wordpress_3.6.1+dfsg-1~deb7u12_all.deb
ad268d51432befe72f0faf2ce9b0903a 8871308 localization optional wordpress-l10n_3.6.1+dfsg-1~deb7u12_all.deb
-----BEGIN PGP SIGNATURE-----
iQKMBAEBCgB2BQJX5DI0XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0DxxhcG9AZGViaWFuLm9yZwAKCRDZrRS5UTtR5NcZD/0Z
gIq8FKpw2cCjkB5x22/51MOVTXXIWtUN8UudBk2+zy7oPp2MJN5imDu2Ro7Z07ng
PB7v9bqLNZwHf7G0rdjtcf5JNsN5c0eEgTkWTqRNuqrNBbmyap8Lj6WVCsuY+5S+
/s8xEjuz/67iPKLeGw8DCNCdwYJ0/vahFW6/H1QKG8mWHq91O6kjrPkAY+ErB+Jx
U8ewSGuelirgPPSkH/U2uTfptd5n91P4VQlIWyH7A+pMoj2JWBW7lnKizwcVrMjV
0CfzRHmEWWQqngb7QLVwGrvX34RC3SplbefcLQKnIZS3NLko9ZLRG0acYbQXJjhR
ZqwCToF0SknO03NnIRic7eNrGUW7eBWy5D9vFV7kqRnQXhzK0bqFjdL1iVER2Hsp
x0WriHPS0w3W9JmywZnxwOjYD07C5JJyVp5G94VrH476mwOnPJ72oFqXkB93mPFm
3vXjAtiUjkYzYACHz+TObDmo8kFsMOT7fxWGLkEk6kV518NYLPN5xRRhCFR78Dyo
fFEjaPrcVvodC7wdxDWa9g/dD1GCZ9gfGXmgiu1i1X84XVn7m7+SHXJ1GKXgcxc8
d1isC5Q3U9BkWT4nuHVft54fr/BME/cee2QsNQgukUV16y04AAAp3S3DmoEwJSKt
ZMz/OInCRPBRyzdBX6uHgqtaEprIJPbs1AfcywuFBA==
=f5ie
-----END PGP SIGNATURE-----