Back to wordpress PTS page

Accepted wordpress 4.1+dfsg-1+deb8u12 (source all) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted wordpress 4.1+dfsg-1+deb8u12 (source all) into proposed-updates->stable-new, proposed-updates
From: Craig Small <csmall@debian.org>
Date: Sun, 12 Feb 2017 22:17:34 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1cd2Sc-000AWm-TD@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 29 Jan 2017 08:53:11 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u12
Distribution: jessie-security
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 851310 852767
Changes:
 wordpress (4.1+dfsg-1+deb8u12) jessie-security; urgency=high
 .
   *  Backport patches from 4.7.1 Closes: #851310
      - CVE-2016-10066
        Potential Remote Command Execution (RCE) in PHPMailer
      - CVE-2017-5488
        Authenticated Cross-Site scripting (XSS) in update-core.php
      - CVE-2017-5490
        Stored Cross-Site Scripting (XSS) via Theme Name fallback
      - CVE-2017-5491
        Post via Email Checks mail.example.com by Default
      - CVE-2017-5492
        Accessibility Mode Cross-Site Request Forgery (CSRF)
      - CVE-2017-5493
        Cryptographically Weak Pseudo-Random Number Generator
      - CVE-2017-5489
        Cross-Site Request Forgery (CSRF) via Flash Upload
        Changesets 39838 and 39857, thanks Seb <seb@debian.org>
   * Backport patches from 4.7.2 Closes: #852767
      - CVE-2017-5610
        The user interface for assigning taxonomy terms in Press This is
        shown to users who do not have permissions to use it.
        Changeset 39976
      - CVE-2017-5611
        WP_Query is vulnerable to a SQL injection (SQLi)
        Changeset 39962
      - CVE-2017-5612
        XSS in the posts list table
        Changeset 39985
   * Not vulnerable
      - CVE-2017-5487
        User Information Disclosure via REST API - API doesn't exist
Checksums-Sha1:
 253d61d082ee7b20f9816d1132f6f7eb941dc9fe 2551 wordpress_4.1+dfsg-1+deb8u12.dsc
 54f8843e52895317bb448c4775983074d6f943e4 6158196 wordpress_4.1+dfsg-1+deb8u12.debian.tar.xz
 a06255b2ac28a553f71530a7c04b6c6817c730ce 3173462 wordpress_4.1+dfsg-1+deb8u12_all.deb
 d58aab3ddbbc89749dc15a3274adc3fae51a18c5 4238812 wordpress-l10n_4.1+dfsg-1+deb8u12_all.deb
 e6bad07f7b8c99eef4bc27b7c4321f19e32ef8e2 502594 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u12_all.deb
 bb731ada7b689b45fbed605471e6cf06e2e5923e 803820 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u12_all.deb
 4fe4faa6c5642130f2a932d41c8c40511d91d1b7 321380 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u12_all.deb
Checksums-Sha256:
 d992b41737f0cd2f7ced0a12b379ba867fb86f38b611c84afba46b382ed8397f 2551 wordpress_4.1+dfsg-1+deb8u12.dsc
 3e664ca4320e6cd2a319e3ca9bdaacbaeb5c2181f9e9b57423c29b9e112b6ea4 6158196 wordpress_4.1+dfsg-1+deb8u12.debian.tar.xz
 406bcdeb512de8a967f51518751e05feead9a043975480342cb6bef1900114ea 3173462 wordpress_4.1+dfsg-1+deb8u12_all.deb
 61329288c55e2b7f581a07b6d63c221d18cb671c9568883b092ceac5005760c7 4238812 wordpress-l10n_4.1+dfsg-1+deb8u12_all.deb
 ef645303cbc499189d106ce141592550c49ed9651553769802df877a407c6df5 502594 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u12_all.deb
 18bfafb26bb3eeab7733c599d234a9bdf4a3b85f967e92a4447f6c8570d7590f 803820 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u12_all.deb
 381ed3513c4f8e230a19c69f9439a6cb616aa987d5e8a77d310090c680511a8b 321380 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u12_all.deb
Files:
 f67c4cb3a48be59312ebb62f70e4e04e 2551 web optional wordpress_4.1+dfsg-1+deb8u12.dsc
 4d939fe84850f132ec327075a199172f 6158196 web optional wordpress_4.1+dfsg-1+deb8u12.debian.tar.xz
 0d71f65b49994fb52e3d4f89c0b1d68e 3173462 web optional wordpress_4.1+dfsg-1+deb8u12_all.deb
 dbc626fbaea46f0e98a703a1b07aa696 4238812 localization optional wordpress-l10n_4.1+dfsg-1+deb8u12_all.deb
 4bf8db324e70ff9206aadddb2beebc0a 502594 web optional wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u12_all.deb
 039ebe780c0089c252334fff1cb7aa39 803820 web optional wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u12_all.deb
 c1ceb915129dd18e3dd09f7df1095809 321380 web optional wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u12_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAliPKQsACgkQAiFmwP88
hOMjyA/9H6ewfYZ4HhxwbKVaxs7R1rw4ZQ2nmlvb7CvhlHyQZbh9Ffe7vT+wOK2+
Q98UVyJsEQFzDLEqfCV4NozVRtRj4uYdi61GB3ylrww5DM2b1NyueTanAEwopvBL
POR05KpvFcAp/11XsuVjPy/z6Ifx0tbKl8+WyrBDyPoQs+Y1MVIcepWk9p+Hd5kl
RanMIdfY1+7fOPLZJec8IDGYWpftB3+IjEU5P1gAX7md0eEqfU5NBgP7nM+YsaUF
/X/yNUzl7lDzxJtv2lx1ZRQq42lDcdx/bBZ+GcWDgE8HpNW/exsSx69q4Wj/I1VB
7Ptecwp38ZhFZ73bI7U2oEWnRgS3olBOqEM9tNmDezsM0rr6G6tHzMmm2ccX+RQg
hsw19u76GsKOJjOXLJJkj/eotJrKhpyK4it3DkECIgUHWPgsKEaFhojWEWr4MIDh
ckS+aOoXDBGQup8Qxw/kQUIrfpB93WVhneLkXEiUM5KCGum4Ww4Yfuo3lDeXwCsR
6TM0arzZQB8QFs7sJhandivSzJP0Ea/KTSjXwSAkDC0tV5D4hDoPRog3Rr7WIYkL
oA1dlRdEbQAwvr4XXkW5wJ+aD99dyESon0wJONofDTB9ZUYUO/FmFPcVI0beRaUe
xCbZDLIigh72dJqPLIOSFEqmWF7LJtbdL187ZkFY6qmqBamp7/A=
=ySyR
-----END PGP SIGNATURE-----