Accepted wordpress 4.1+dfsg-1+deb8u13 (source all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 16 Mar 2017 06:19:41 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u13
Distribution: jessie-security
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 857026
Changes:
wordpress (4.1+dfsg-1+deb8u13) jessie-security; urgency=medium
.
* Backport patches from 4.7.3 Closes: #857026
- CVE-2017-6814
Cross-site scripting (XSS) via media file metadata.
Changeset 40155
- CVE-2017-6815
Control characters can trick redirect URL validation.
Changeset 40190
- CVE-2017-6816
Unintended files can be deleted by administrators using the plugin
deletion functionality.
Changeset 40176
- CVE-2017-6817
Cross-site scripting (XSS) via video URL in YouTube embeds.
Chamgeset 40167
* Not vulnerable:
- CVE-2017-6819
Cross-site request forgery (CSRF) in Press This leading to excessive
use of server resources.
Press This introduced in 4.2
- CVE-2017-6818
Cross-site scripting (XSS) via taxonomy term names.
Checksums-Sha1:
9dc6a86e174682f3449cd58be79d84eb3449e13c 2551 wordpress_4.1+dfsg-1+deb8u13.dsc
c5eb50e0dfa3c2000f77c610c584b8b98d57c0c0 6159176 wordpress_4.1+dfsg-1+deb8u13.debian.tar.xz
e5fa9d8bdc114d7e49cb0bb515fef4068865d2a5 3173472 wordpress_4.1+dfsg-1+deb8u13_all.deb
c48ecab5fe72bf8752a08bab77779cd2f093508b 4239634 wordpress-l10n_4.1+dfsg-1+deb8u13_all.deb
fe4449da60e2f40adaad880081580c44fd464262 502816 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u13_all.deb
273afa5c639e434a0b0550161c384caed19cf02e 804064 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u13_all.deb
21d37e2d4c14bccd69b19760fb7e09b2dd12f84d 321664 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u13_all.deb
Checksums-Sha256:
2b3ac02a5a019fe03e517e1ee27bcbdb96c2bd4eae37cc71b8696798f36fef1b 2551 wordpress_4.1+dfsg-1+deb8u13.dsc
6b84b39fc797e68864d08bfe6e11f455cc18a5b098d8f93d31f03429c4a368f3 6159176 wordpress_4.1+dfsg-1+deb8u13.debian.tar.xz
6e79466486a79e1ec9e2e3eabbd33b94332586f69de03ed5b4e09127a80d96db 3173472 wordpress_4.1+dfsg-1+deb8u13_all.deb
c261fd7e6600ec94c0cddb4c670cbb7a50d2c6d5640211ae1141cd47351ee543 4239634 wordpress-l10n_4.1+dfsg-1+deb8u13_all.deb
ce299ba16a1a63823640191c63632cef4ff0915d6bf0140401f48f757a33602d 502816 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u13_all.deb
8f97ecac5f8e7d06b82e6a8b097b43695be4d000b8c5c06012bc99dbc547cfff 804064 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u13_all.deb
c7b8a9cffbb279f7613b922b64d80bd3adc6b0b621aba2060a2037f330cce3f7 321664 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u13_all.deb
Files:
5e62aea8c65b5dd7efecf8069cdf6d9c 2551 web optional wordpress_4.1+dfsg-1+deb8u13.dsc
40e7ac8123a1835746dbdbcbbd604364 6159176 web optional wordpress_4.1+dfsg-1+deb8u13.debian.tar.xz
b1d97314c1ea13752e2dc6cfc07e928d 3173472 web optional wordpress_4.1+dfsg-1+deb8u13_all.deb
68df51ca037579fb58cb035345dec217 4239634 localization optional wordpress-l10n_4.1+dfsg-1+deb8u13_all.deb
2eac51ed1ff368258895e37b504a9e15 502816 web optional wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u13_all.deb
85a6b8534707e3cdf6e57e333aff3b56 804064 web optional wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u13_all.deb
654507f743bc36f588eba44bfcafc268 321664 web optional wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u13_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAljMrl4ACgkQAiFmwP88
hOP9mBAAgZPI1aS+zf1Nqp6Za/zWU7gm2aF8pmtyrei7SwcBKiA6b1ohUfwlAomK
3sn7AX92nGcrN1Hq1hqX67sqtt9Z814x/ApskD/W5UtbsD0I4NMKjYzBiyrszaY6
u8ZmHOW4rI05U0LtCK1jOgD8VQk+hdPgZS+uhAbptMzCBBj63jNKFQCO1yIENlYP
aD1k6wWpRuvPa4i4MMB9oKuW9lDtn38OLSQP0N9j8qwaid419v7PykSMf5HuoWwe
Wz7Yg6Rjg1uezqh7AZNGIhsBoWHsO0FpgXDcZ5KqzVuRAUA6fZNkJvxpVuvUGzUC
zPm6zp8jAoiNuBU4FRtQwwZE+ojZvdYfY96Qq2Vp04uT5KiyWUQ2cn+fMh0IYZdj
cpsZRqtJogv+zrtjNNJFUPv2UWk/eeb5G2CYlCQ5EDPckvxkGESOTDRbVotBdWrA
VEisNylJ6WCXwaCXBcZGqbXQInlWIBoC7FfqhV4SaFpI1E3Xy4oHo39acO4ZwQiG
B0HX0PBbC88usTKKQQOpu05O5vDNR8NUrl0dTYf4lUQ1mUCQUqchhg9pYgSA0bZE
BTxg5habvfjhkkPpkwSYBX3TPqCdh70uHMr+2IjVPEODFLEIti4sirc3cPVgY0EG
FPKgJ/5CE60dU+DttWe0PsSOLSh6WxAd3GzCUrugIePzZh5AI18=
=Y0AY
-----END PGP SIGNATURE-----