-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 10 Sep 2016 08:07:11 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 837090
Changes:
 wordpress (4.1+dfsg-1+deb8u10) jessie-security; urgency=high
 .
   * Backport patches from 4.6.1/4.1.13 Closes: #837090
   * CVE-2016-6896 and CVE-2016-6897 not vulnerable
   * Changeset 38538 sanitize filename in media CVE-2016-7168
   * Changeset 38524 sanitize filename upload upgrader CVE-2016-7169
   * CVE-2016-4029:
     WordPress before 4.5 does not consider octal and hexadecimal IP
     address formats when determining an intranet address, which allows
     remote attackers to bypass an intended SSRF protection mechanism
     via a crafted address.
   * CVE-2016-6634:
     Cross-site scripting (XSS) vulnerability in the network settings
     page in WordPress before 4.5 allows remote attackers to inject
     arbitrary web script or HTML via unspecified vectors.
   * CVE-2016-6635:
     Cross-site request forgery (CSRF) vulnerability in the
     wp_ajax_wp_compression_test function in
     wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows
     remote attackers to hijack the authentication of administrators
     for requests that change the script compression option.