Back to wordpress PTS page

Accepted wordpress 4.1+dfsg-1+deb8u14 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted wordpress 4.1+dfsg-1+deb8u14 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
From: Craig Small <csmall@debian.org>
Date: Sat, 24 Jun 2017 21:19:24 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1dOsSi-0000aQ-ES@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 24 May 2017 22:24:48 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u14
Distribution: stable
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 862053 862816
Changes:
 wordpress (4.1+dfsg-1+deb8u14) jessie-security; urgency=medium
 .
   * Backport patches from 4.7.5 Closes: #862816
    - CVE-2017-9062
      Improper handling of post meta data values in the XML-RPC API.
      Changeset 40699
    - CVE-2017-9065
      Lack of capability checks for post meta data in the XML-RPC API.
      Changeset 40684
    - CVE-2017-9064
      A Cross Site Request Forgery (CRSF) vulnerability was discovered
      in the filesystem credentials dialog.
      Changeset 40730
    - CVE-2017-9061
      A cross-site scripting (XSS) vulnerability was discovered when
      attempting to upload very large files.
      Changeset 40743
    - CVE-2017-9063
      A cross-site scripting (XSS) vulnerability was discovered related
      to the Customizer.
      Changeset 40711
   * CVE-2017-9066 not fixed as the relevant code has changed dramatically
     and there is no upstream patch for it.
     Insufficient redirect validation in the HTTP class.
   * CVE-2017-8295 Don't use client-provided data to form password reset
     from email address, from WordPress ticket #23239 Closes: #862053
Checksums-Sha1:
 6992e217144edb572b91420cf4668a316d2f6cce 2206 wordpress_4.1+dfsg-1+deb8u14.dsc
 aecf3343a5b0b3b5e559a7e1eb41b32f2259414e 6129728 wordpress_4.1+dfsg-1+deb8u14.debian.tar.xz
 d38e38a68b1eebba094e6863764e0350522fa5ef 3195086 wordpress_4.1+dfsg-1+deb8u14_all.deb
 0f926ddb33adc4287708dae4bd44c642bf3351c8 4246876 wordpress-l10n_4.1+dfsg-1+deb8u14_all.deb
 eae5ee49eb7f94e86ad7b6cb8e42da58305a7d54 502928 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u14_all.deb
 709520bd322ec40b57181c6074e83f7887ce85f9 803836 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u14_all.deb
 751ddcab0d9a5c616d1e838c5aa2db9cee195e79 321408 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u14_all.deb
Checksums-Sha256:
 609a1a1e165605c45aed4374962112511f5d2b51c2a22c3a4c2db39247bdcfa2 2206 wordpress_4.1+dfsg-1+deb8u14.dsc
 3e661549549ed624dcae24c794f95e61d3092edcb8e8676fdfb045a7ba1ddead 6129728 wordpress_4.1+dfsg-1+deb8u14.debian.tar.xz
 0ae928df0c24a663e804ae4a23c60e98f58552b54b7e862e7bb6d844382bead7 3195086 wordpress_4.1+dfsg-1+deb8u14_all.deb
 81d990e84c19a7a981b562ea175ad7680d37c769b942ec9fe37bdf1bc19c044f 4246876 wordpress-l10n_4.1+dfsg-1+deb8u14_all.deb
 de1a849613a7e8eea5a91437757afdccc9aca5781cb8d2fcc73be212fb3a7f10 502928 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u14_all.deb
 02614dc4be3f5214ac033aabcfb3a9c4e17647436a8f69a22be7b67d5cbb0cc5 803836 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u14_all.deb
 d9a4d329f75e8697af88d58462a58b66266986037a65e3cfb160d904a71c4fda 321408 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u14_all.deb
Files:
 27c20ffff81220e8d626f73689bc86ea 2206 web optional wordpress_4.1+dfsg-1+deb8u14.dsc
 b035d001eccb9ca647ae135aff1b205a 6129728 web optional wordpress_4.1+dfsg-1+deb8u14.debian.tar.xz
 12b570d668be90fc5b85e3915e7b4525 3195086 web optional wordpress_4.1+dfsg-1+deb8u14_all.deb
 2c138c159b53cd36cc37bea33b33996f 4246876 localization optional wordpress-l10n_4.1+dfsg-1+deb8u14_all.deb
 05e24fb8304a6540b527dff44640ef6c 502928 web optional wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u14_all.deb
 0f0b708a3cec3edd2373392f3366a4ec 803836 web optional wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u14_all.deb
 018961b042c46458dd381507f3f2c6cd 321408 web optional wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u14_all.deb

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlkvoS4ACgkQEL6Jg/PV
nWTDSAf/TjNiSUUbm0y53KsLziBpR7m1pqJlessKgPLRkeyEq9TetzMfDk34DkpV
uJndrX6cvof4236MZkm7TwcqwtQZLfk0ZInYW9DTkmIs+tw0KdXDTA5WuYcmDqmb
n+JZFCDbChbqQJrm5DDxccBAtbvSrg1eTO5pSanKJ1c7tOfIzsUOgRdM8FHVnZb2
MEZ74OZOqrWrtPcgJ9cOAYlu6Pbu7YBukoL2lcvEsr3gnQicRnE0QQBNYPnPs6iA
KxPQ4rPuzWWozxg4/oVUFFWmVF26a2vCCKKSRrKClrb1BKw7JLZijzan1l6jWj+q
WPbWcywFvnIWxAohT45u5JM8dZ3deQ==
=r4Ra
-----END PGP SIGNATURE-----