Back to wordpress PTS page

Accepted wordpress 4.7.5+dfsg-2+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Oct 2017 07:11:32 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen
Architecture: source all
Version: 4.7.5+dfsg-2+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 876274 877629
Changes:
 wordpress (4.7.5+dfsg-2+deb9u1) stretch-security; urgency=medium
 .
   * Backport patches from 4.8.2 Closes: #876274
      - CVE-2017-14723
        $wpdb->prepare() can create unexpected and unsafe queries leading to
        potential SQL injection (SQLi)
        Changeset 41472, 41498
      - CVE-2017-14724
        Cross-site scripting (XSS) vulnerability in the oEmbed discovery
        Changeset 41451
      - CVE-2017-14726
        Cross-site scripting (XSS) vulnerability in the visual editor
        Changeset 41436
      - CVE-2017-14719
        Path traversal vulnerability in the file unzipping code
        Changeset 41459
      - CVE-2017-14721
        Cross-site scripting (XSS) vulnerability in the plugin editor
        Changeset 41413
      - CVE-2017-14725
        Open redirect in the user and term edit screens
        Changeset 41418
      - CVE-2017-14722
        Path traversal vulnerability in the customizer
        Changeset 41430
      - CVE-2017-14720
        Cross-site scripting (XSS) vulnerability in template names
        Changeset 41413 (same as plugin editor)
      - CVE-2017-14718
        Cross-site scripting (XSS) vulnerability in the link modal
   * Hash user activation key Closes: #877629
     Fixes CVE-2017-14990
Checksums-Sha1:
 a9e488c4df0b36dd39b41d462f810102f26435df 2567 wordpress_4.7.5+dfsg-2+deb9u1.dsc
 edf2c207b6c6c173d8958c0d9191e1e0d532e042 6240440 wordpress_4.7.5+dfsg.orig.tar.xz
 e0417f8708cc10ca56041e972fb4ca083bdac5e4 6785340 wordpress_4.7.5+dfsg-2+deb9u1.debian.tar.xz
 014d493c433949581827abb22faad2d3f6297844 4382638 wordpress-l10n_4.7.5+dfsg-2+deb9u1_all.deb
 99a9c6e1853fc992fb8645dedc7fe1302353cbbf 700472 wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u1_all.deb
 db0d15595516b0867938d9fe49b7bd15bbd64ef0 940094 wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u1_all.deb
 35adf0a11c5958aac424850a4e4304f019fced52 589188 wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u1_all.deb
 1a1fe93a389e4ae808187c824014fc2f01d57eca 4000422 wordpress_4.7.5+dfsg-2+deb9u1_all.deb
 f86f46fb5375b65b7438360b44583563fab1ec26 7445 wordpress_4.7.5+dfsg-2+deb9u1_amd64.buildinfo
Checksums-Sha256:
 37ba9d3c65c8f242019ab92e1c896c8bbb7f6ef376f4805eff8f233ab82d869b 2567 wordpress_4.7.5+dfsg-2+deb9u1.dsc
 a21bc1f4042bbd77eb1ddef2cdcd3fb60f121835cf5d219a6e12a2d06a839b7f 6240440 wordpress_4.7.5+dfsg.orig.tar.xz
 b610d6c3784f29ce1344c107d0b39029bef293c08adbad357263d2d6bf7f4f6d 6785340 wordpress_4.7.5+dfsg-2+deb9u1.debian.tar.xz
 441b2b00c7cb3f223a6881f0054f94f91f02c93ac0dc209bf8b1d5c653ec9be8 4382638 wordpress-l10n_4.7.5+dfsg-2+deb9u1_all.deb
 b06298da79ea789b0765b248359100fb0807a3a24249e7c126726ab21bb537a8 700472 wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u1_all.deb
 572dffe8d5adc67d54bc69dde3b1dfa4c917d7549d2c1594ef802bd124d8735f 940094 wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u1_all.deb
 ff42d848ff38035275ab9dbe524fe8f819cf0477ac63b88d8c95e9c0b5f8e501 589188 wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u1_all.deb
 2a0097fcf5d66f912e70f36ed27f0ad9d2888b3e08ac638f3d0a6ac66e420b53 4000422 wordpress_4.7.5+dfsg-2+deb9u1_all.deb
 5da5441b9c3aa36ecbe618a003d703eb2a610d55648f6710feff4fe52182cf0e 7445 wordpress_4.7.5+dfsg-2+deb9u1_amd64.buildinfo
Files:
 21a555aa4c57f04d5bc92477481b9063 2567 web optional wordpress_4.7.5+dfsg-2+deb9u1.dsc
 acb0c5ca4df36e2eef3274d6adc4f8b8 6240440 web optional wordpress_4.7.5+dfsg.orig.tar.xz
 2ac4750281b13334542a7db72cacd80d 6785340 web optional wordpress_4.7.5+dfsg-2+deb9u1.debian.tar.xz
 da8441d62a0fc891beaf9e36137b032d 4382638 localization optional wordpress-l10n_4.7.5+dfsg-2+deb9u1_all.deb
 3d21c554d514bcaa1cf9e30f2ce89294 700472 web optional wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u1_all.deb
 51cdc6b546ec088cb991cb9d0d8d49b7 940094 web optional wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u1_all.deb
 fea91b00203c8603998a988bbb55bcff 589188 web optional wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u1_all.deb
 f05853250ca3347238d7acd3d908d766 4000422 web optional wordpress_4.7.5+dfsg-2+deb9u1_all.deb
 e27b814900766441f5aebbccefedafb6 7445 web optional wordpress_4.7.5+dfsg-2+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAlnagMQACgkQAiFmwP88
hOM/Kg//dgoidYMOvRzgc8qubXLtoCNufKwlDsXeVsn/7K0dQ/4lcOLIC3p3Li+o
GO3Bce8g1IRSN9R9PFWmkysEARpEhoLAmL7gbvIHyLbElwcraXhcbxwVj5CKlnu/
KXiH3HL+shvlpmA99vLlxv4RDN4OMBMVK/MPUtfHKxYOhfdWA2TOYVzKBaySj7AZ
YyItOFb3xQsHN86jDie3Fn420DJqvrtyBdZXuFT1VoOrmmnTdczM/kl0EqONy12g
vUIHNiZU++jo2gWl0ts08ncguKAvkjZ/LOJIz9L27bZQno0+s76xWpElnD8OV4QH
pKtOadUA9I7toxEoLcRwiRIisK12tz2U9Hc/vStR+MPTO9OYadsK9mzybzH34nmf
vrBxhLT7hdkt5OVSS4JamtSrTWCgI8yjQXRhYENMz85Asuz3dyLrdQlU12SfXt1r
NyLMWGL36tMiaOMklfSwr7q7CYI1xVuyX0UIhiqg016wIzQJgb+CVGViCEfHcYMi
s0+XHyCxej4d6m6cb3Rh/h6XImTMcXVGllCOHfED5U/oRdHE/LnN+B5S/Oo6X647
bgawRzSNJv+VnQasIK+9RQBBh8fRjnz4Ww9FFH3d8LyUYr09Ei1N7hitcOJR9yBC
b6vJSDKMBTJhPkUaWLJFNAg5sqwZHuttbu1DkV+APCTTCRJh9+E=
=G7IE
-----END PGP SIGNATURE-----