-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Jul 2016 17:36:53 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb7u11
Distribution: wheezy-security
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
Changes:
 wordpress (3.6.1+dfsg-1~deb7u11) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Backport security fixes to Wheezy.
   * CVE-2016-5839: WordPress before 4.5.3 allows remote attackers to bypass
     the sanitize_file_name protection mechanism via unspecified vectors.
     cs37818_media_extensionless_filenames.patch
   * CVE-2016-5835: WordPress before 4.5.3 allows remote attackers to obtain
     sensitive revision-history information by leveraging the ability to read
     a post, related to wp-admin/includes/ajax-actions.php and
     wp-admin/revision.php.
     cs37800_cap_edit_post.patch
   * CVE-2016-5387: WordPress before 4.5.3 allows remote attackers to bypass
     intended access restrictions and remove a category attribute from a post
     via unspecified vectors.
     cs37781_taxonomy_cap_check_save.patch
   * CVE-2016-5832: The customizer in WordPress before 4.5.3 allows remote
     attackers to bypass intended redirection restrictions via unspecified
     vectors.
     cs37773_customize_preview_urls.patch
   * CVE-2016-5834: Cross-site scripting (XSS) vulnerability in the
     wp_get_attachment_link function in wp-includes/post-template.php in
     WordPress before 4.5.3 allows remote attackers to inject arbitrary web
     script or HTML via a crafted attachment name, a different vulnerability
     than CVE-2016-5833.
     cs37790_admin_escape_attach.patch
   * CVE-2016-5838: WordPress before 4.5.3 allows remote attackers to bypass
     intended password-change restrictions by leveraging knowledge of a
     cookie.
     cs37762_admin_auth_redirect.patch
Checksums-Sha1:
 a08637cec03386e7d464b46c6e4ac6d55e1817a5 2453 wordpress_3.6.1+dfsg-1~deb7u11.dsc
 0d140c11c761e5cfa1768236cd3a6b09126c023e 5218672 wordpress_3.6.1+dfsg-1~deb7u11.debian.tar.xz
 6095d5378d9e2834d44bf339ef2c847c57c7ebcb 3979524 wordpress_3.6.1+dfsg-1~deb7u11_all.deb
 b6499db7023b55b0b9de027681b805a4d42dd3a9 8871686 wordpress-l10n_3.6.1+dfsg-1~deb7u11_all.deb
Checksums-Sha256:
 45f3553471748b48a1e079b655319593727f634b1b081e01bdd8623b07213f32 2453 wordpress_3.6.1+dfsg-1~deb7u11.dsc
 2c751bfefa059800fc89c7c1f52544ee2616f51d2df4feb0aa68ce7eb44a7d46 5218672 wordpress_3.6.1+dfsg-1~deb7u11.debian.tar.xz
 9d0078b0c7751c0be558f3235a96f8e9a8035dd6e4cfc83bfdd1120ff1a20620 3979524 wordpress_3.6.1+dfsg-1~deb7u11_all.deb
 5c30d678f11dac21d6932ba3c8ad5ab4ff0679260e9f3ee12671125edc000802 8871686 wordpress-l10n_3.6.1+dfsg-1~deb7u11_all.deb
Files:
 63ac077a58d3bb3db9254508508a8666 2453 web optional wordpress_3.6.1+dfsg-1~deb7u11.dsc
 e78bbdea3595d467a0b870928fce4390 5218672 web optional wordpress_3.6.1+dfsg-1~deb7u11.debian.tar.xz
 1dae09df7d9d04c9cc196e69eafd7a81 3979524 web optional wordpress_3.6.1+dfsg-1~deb7u11_all.deb
 860e9f3bf23b24aaacbefe8251afb6a3 8871686 localization optional wordpress-l10n_3.6.1+dfsg-1~deb7u11_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----