Back to wordpress PTS page

Accepted wordpress 4.1+dfsg-1+deb8u15 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted wordpress 4.1+dfsg-1+deb8u15 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
From: Craig Small <csmall@debian.org>
Date: Thu, 19 Oct 2017 19:47:36 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1e5Gn2-000AgO-Cf@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Oct 2017 21:27:47 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u15
Distribution: jessie-security
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 877629
Changes:
 wordpress (4.1+dfsg-1+deb8u15) jessie-security; urgency=medium
 .
   * Backport security patches from 4.8.2
      - CVE-2017-14723
        $wpdb->prepare() can create unexpected and unsafe queries leading to
        potential SQL injection (SQLi)
        Changeset 41472, 41498
      - CVE-2017-14726
        Cross-site scripting (XSS) vulnerability in the visual editor
        Changeset 41436
      - CVE-2017-14719
        Path traversal vulnerability in the file unzipping code
        Changeset 41459
      - CVE-2017-14721
        Cross-site scripting (XSS) vulnerability in the plugin editor
        Changeset 41413
      - CVE-2017-14725
        Open redirect in the user edit screens
        The term/tag edit screen does not have this issue.
        Changeset 41424
      - CVE-2017-14722
        Path traversal vulnerability in the customizer
        Changeset 41430
      - CVE-2017-14720
        Cross-site scripting (XSS) vulnerability in template names
        Changeset 41413 (same as plugin editor)
      - CVE-2017-14718
        Cross-site scripting (XSS) vulnerability in the link modal
   * Not vulnerable:
      - CVE-2017-14724
        Cross-site scripting (XSS) vulnerability in the oEmbed discovery
        oEmbed feature not present in this version
   * Hash user activation key Closes: #877629
     Fixes CVE-2017-14990
Checksums-Sha1:
 db2320ddadc5c9a4f30cecd0e14948c7b26562a1 2551 wordpress_4.1+dfsg-1+deb8u15.dsc
 aa5bc8c96a94d92174ecd8d559647bc179d27c74 6168064 wordpress_4.1+dfsg-1+deb8u15.debian.tar.xz
 835bd96002b29ce47a861c04b449531a81256dce 3174878 wordpress_4.1+dfsg-1+deb8u15_all.deb
 bdd9505dfd9074f963dd2ffa08d741415e0f733b 4240582 wordpress-l10n_4.1+dfsg-1+deb8u15_all.deb
 80530f567769c5df70bac3bd26762f7d8ec3ab8f 504074 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u15_all.deb
 e81b460ffe9a7757a5622e8bfa84a94aef699924 804688 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u15_all.deb
 e98890b55cda92eb2493b2adfa471911b221d265 322296 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u15_all.deb
Checksums-Sha256:
 7aa386fcde3fd7a463fc077ad02aaa6baf31d7f09f014033b9a8fb2dbbf8393a 2551 wordpress_4.1+dfsg-1+deb8u15.dsc
 7edf0bd3dae8b915cd5856dd6bad484fb468460d67ee68e199dc53f57de4b19f 6168064 wordpress_4.1+dfsg-1+deb8u15.debian.tar.xz
 cb592e42e9315d8f8bda9e04b0c349c30dba6472956c1804753fa0ddb80054c8 3174878 wordpress_4.1+dfsg-1+deb8u15_all.deb
 f93ecdbcbfcd87c54f46852715fd0ac719047a0c21512f6a74875c0561ba3a54 4240582 wordpress-l10n_4.1+dfsg-1+deb8u15_all.deb
 f711f36f78a61866e087885934f2945dad7fa53d04986f87cfa53a67310e85cc 504074 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u15_all.deb
 f6b268d99dcfdc01e6159dc7caa3763aed2016de78888bc3c0d5a198c9509153 804688 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u15_all.deb
 36042cfe380ff53ee0ce3404dd8a3e9401c3550ddfb3b9031c46ec1d74a749c8 322296 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u15_all.deb
Files:
 7ea61893f9e2d1bc3765f637b91a28e8 2551 web optional wordpress_4.1+dfsg-1+deb8u15.dsc
 f73c90aca3732b650c1fc2ddbda4e2d6 6168064 web optional wordpress_4.1+dfsg-1+deb8u15.debian.tar.xz
 03aee73fff713d59a75121d45c655233 3174878 web optional wordpress_4.1+dfsg-1+deb8u15_all.deb
 5c55e5a0af05bace40d7f7cf5ffe1086 4240582 localization optional wordpress-l10n_4.1+dfsg-1+deb8u15_all.deb
 5bb33915d7560845b125c7137dc17c77 504074 web optional wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u15_all.deb
 5a9e058b8c151e5b8f3ae1f8d5ed6b50 804688 web optional wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u15_all.deb
 79dc297d588df7a283cc1a411f04f1e3 322296 web optional wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u15_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAlnd90wACgkQAiFmwP88
hON9HBAAoH3v6So2izPUITUPpMKot79GrgzpobQeFD5n0y2epfO6PS4cyBp2PC7h
5VDvZ2tz62RdtGymW0OcfluQJw7uO2xJFPKV8MNqEucmfJ05nUYqHnBfRNLE5ww9
ZAGOE/4NYZoyE1jA+ZPtfdYoSoTrzc3bbOtUhn4F5YUywC0rIaNPLolzlvq45vJA
FEuxxvlmG0SdrBw291L8xso0yCnwKc98VgRVheR/Qs1L3+Rc6EnwNFkFTdCtEjI7
IAfxvRYWEZopig6E8cK1LbaI8+1oIq8Feg/UIn3G+kC/eSo+Npc0gsf3OaCYVTsF
YUBvcPWE67NtVE4AHrt+QlPiNn9efaj/lo2QqyVQxZryYrpqrIcCRKIqCPLSKtFa
KCFzDdQcA5fmW0cIhVijI0ZD6WhvKQ2B9UepZAOBX2ZSYD/26N67Jj97hqeFm04f
HqgOevoLTXK269gdRaX79a2SN3rmmwvzEdTffGDyZILG2rxlpJc4Sg74BoBvQq/z
+ptOyrSmCijr8watSCKYVIrMWaWZRgUFNoBDPUDTPNwGwePKGumK8qEBRJltuD9J
2ZBuzeDZ8PDL2QNq6jYEjL61rCW3olNlnoB0Bs9RppAcgsvQBQfc0KSsa04ZcI69
wTTdANSqsurAwmE+HtFIwWluJbqtLCbdm/wLu8gWjtnsD7QUnw0=
=xij4
-----END PGP SIGNATURE-----