Back to wordpress PTS page

Accepted wordpress 4.1+dfsg-1+deb8u10 (source all) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted wordpress 4.1+dfsg-1+deb8u10 (source all) into proposed-updates->stable-new, proposed-updates
From: Craig Small <csmall@debian.org>
Date: Mon, 03 Oct 2016 19:17:07 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1br8jb-0000AU-Rw@franck.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 10 Sep 2016 08:07:11 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 837090
Changes:
 wordpress (4.1+dfsg-1+deb8u10) jessie-security; urgency=high
 .
   * Backport patches from 4.6.1/4.1.13 Closes: #837090
   * CVE-2016-6896 and CVE-2016-6897 not vulnerable
   * Changeset 38538 sanitize filename in media CVE-2016-7168
   * Changeset 38524 sanitize filename upload upgrader  CVE-2016-7169
   * CVE-2016-4029:
     WordPress before 4.5 does not consider octal and hexadecimal IP address
     formats when determining an intranet address, which allows remote attackers
     to bypass an intended SSRF protection mechanism via a crafted address.
   * CVE-2016-6634:
     Cross-site scripting (XSS) vulnerability in the network settings page in
     WordPress before 4.5 allows remote attackers to inject arbitrary web script
     or HTML via unspecified vectors.
   * CVE-2016-6635:
     Cross-site request forgery (CSRF) vulnerability in the
     wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php
     in WordPress before 4.5 allows remote attackers to hijack the
     authentication of administrators for requests that change the script
     compression option.
Checksums-Sha1:
 f092fb1eb33a47380c0ec8ca362c52ebf9906746 2537 wordpress_4.1+dfsg-1+deb8u10.dsc
 ac437190e0ea392da4ccc5262ef9233c35166ae5 6126040 wordpress_4.1+dfsg-1+deb8u10.debian.tar.xz
 184e136386021352b8090b5d25a1460d861e1349 3172420 wordpress_4.1+dfsg-1+deb8u10_all.deb
 106fa24dea9a667e2fe2f479e87a19331ca87f59 4236622 wordpress-l10n_4.1+dfsg-1+deb8u10_all.deb
 66e6711ced807d7af8771bcdf3211b099ce64ede 502012 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u10_all.deb
 fa5a2d486a3eb707d60651ffca0f7a6a9e207337 801288 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u10_all.deb
 f868dc86ebd32ef10034fe9688b26dd1fcd76e92 320818 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u10_all.deb
Checksums-Sha256:
 6ab7fae71273080f38af849cb9cd469f1a77734e882974c77fdf179ea0273513 2537 wordpress_4.1+dfsg-1+deb8u10.dsc
 f44383ee88b7816a3c488e11dd677a60cdc5411eeaae54ad382d541b48696db9 6126040 wordpress_4.1+dfsg-1+deb8u10.debian.tar.xz
 f5bf9e0ae17c6b84dbead1cccb17f0a91297d740937c67f88c5f0a16bdf15a58 3172420 wordpress_4.1+dfsg-1+deb8u10_all.deb
 4f25747f8aa08812dcfa20741d767dd8fce1ebf8788551258cffd5b4c6c60c02 4236622 wordpress-l10n_4.1+dfsg-1+deb8u10_all.deb
 ab3ee769d3e1b6687ff19f3dfbfd6fcf41b7778d01e2503cfa0aa8f1d069e34d 502012 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u10_all.deb
 b73dd46064424228517c128f4049bff2433952fe15a154dacea671c41570d622 801288 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u10_all.deb
 823f8691bad4935579cb9b2268858595b969195ad0b9be1bf677d81c45c6e390 320818 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u10_all.deb
Files:
 26fed67c2608fdd016e21c6b053fa5a0 2537 web optional wordpress_4.1+dfsg-1+deb8u10.dsc
 41d651a14a8da2b48b35d48f9cf62f4e 6126040 web optional wordpress_4.1+dfsg-1+deb8u10.debian.tar.xz
 a2a50da05c206e3e0944e8f302a8fc04 3172420 web optional wordpress_4.1+dfsg-1+deb8u10_all.deb
 4aa8009cb1635461452bf6d32b8691a6 4236622 localization optional wordpress-l10n_4.1+dfsg-1+deb8u10_all.deb
 6586be82424fc8cd5702ae6d96d7f84d 502012 web optional wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u10_all.deb
 dbed8d1ee41b97fa711b84dd2206865e 801288 web optional wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u10_all.deb
 079a7a7a65438785127c9c450bfcba54 320818 web optional wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u10_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJX66gXAAoJEDk4+WvfUP6loIUP/2V+lv69Nhy8JfeRgT0ZcMaw
IL3ZTpD20NJNVzUP/b2uoR9qjkgH0zVrboUgusDDR8pJH+qFe/NPPA8/lVHb4xt5
j0s8gHuyzXu95Y3rtPskGI2B7CXTaiblteVpBipBGnnHZG1+GS2+ZOLnCfLchrNv
4gO8fl6LbJEsPKGVQ9sNj0Vnywof+YHXNpRV2jXt5mHvH7fUtguNoMHkCRGXeDkU
tm5kud3C1h9T3ep52c1pXIPa2zvyXtoLuJeRRwnrSUtFE9ZQ5CYJAVHAjJsSn54c
ywD+szuHksKAQoAP4zoU2xNsbOEI1mUg3346WMFyDgYBj43Nz1oB/GZ8VDridSCm
LROcqZMQAJfMuuFoUXnKsoqOZrJBVKQq57oyaluqnhNezrRo0WkOGLYkuT2C7gxB
byVdN3YC/a0qsYbHWN2YgjEgH+mbaJu25V8j8ExxeGDQ0ta5sCied4npsKY5qsLL
hZ19y77lCjDvYzUMnCKH+oBzWNaiBp72iA6U4KQSw67SzhJhVOv8XxtCOiYVmB2T
Sco8MuT7YxGQpssRPyRdjf0K6BYKICNVNnbHAcdCY3aXlcgZbOsHFDsCwij6jd8+
majcQptNIXTVt92Vi+wskRBMPDeqCrBffLL3eweZBeLE7huhWiqg9AkSV2mhcZj3
KOP7lnTWqLX0kyYaro7Q
=xbRS
-----END PGP SIGNATURE-----