Accepted wordpress 3.6.1+dfsg-1~deb7u20 (source all) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 21 Dec 2017 20:18:20 +0100
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb7u20
Distribution: wheezy-security
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Changes: 
 wordpress (3.6.1+dfsg-1~deb7u20) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Backport security fixes from 4.9.1.
   * CVE-2017-17091:
     wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to
     a string that can be directly derived from the user ID, which allows remote
     attackers to bypass intended access restrictions by entering this string.
   * CVE-2017-17092:
     wp-includes/functions.php in WordPress before 4.9.1 does not require the
     unfiltered_html capability for upload of .js files, which might allow
     remote attackers to conduct XSS attacks via a crafted file.
   * CVE-2017-17093:
     wp-includes/general-template.php in WordPress before 4.9.1 does not
     properly restrict the lang attribute of an HTML element, which might allow
     attackers to conduct XSS attacks via the language setting of a site.
   * CVE-2017-17094:
     wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict
     enclosures in RSS and Atom fields, which might allow attackers to conduct
     XSS attacks via a crafted URL.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----