-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 29 Jan 2017 08:22:44 +1100 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen Architecture: source all Version: 4.7.2+dfsg-1 Distribution: unstable Urgency: high Maintainer: Craig Small <csmall@debian.org> Changed-By: Craig Small <csmall@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files Closes: 852767 Changes: wordpress (4.7.2+dfsg-1) unstable; urgency=high . * New upstream release fixes 3 security issues Closes: #852767 - CVE-2017-5610 The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. - CVE-2017-5611 WP_Query is vulnerable to a SQL injection (SQLi) - CVE-2017-5612 XSS in the posts list table Checksums-Sha1: 7e070ca21294e15a7ad8450dbe1386d42a629f27 2539 wordpress_4.7.2+dfsg-1.dsc d72547978a92d2629b02ff365bb0946525c994fc 6137000 wordpress_4.7.2+dfsg.orig.tar.xz 5535963bbd19aa6ceac583d97f13a8cebd0a2b0e 6777332 wordpress_4.7.2+dfsg-1.debian.tar.xz 84daf68b40a8018b6fbb536ce7e70dfeadb6c55b 4382802 wordpress-l10n_4.7.2+dfsg-1_all.deb 648c8ad901c0b36befb8d04f1d21cc80332c9bfa 699592 wordpress-theme-twentyfifteen_4.7.2+dfsg-1_all.deb 43debe40af23c6669a96a3a23a4f92ba7bd45914 939326 wordpress-theme-twentyseventeen_4.7.2+dfsg-1_all.deb 204332c140e96be4c2cf489bbfd1a3d30571fd8f 588362 wordpress-theme-twentysixteen_4.7.2+dfsg-1_all.deb 260754b650c461e873d93e327ec5b61cb44abe28 3968852 wordpress_4.7.2+dfsg-1_all.deb e173a8fdd69286a20738c8fcd8c7c524e24403eb 6271 wordpress_4.7.2+dfsg-1_amd64.buildinfo Checksums-Sha256: 17d417489d84aed7293426b3151dd01e4e13cff1c25b09c758c61108827280b1 2539 wordpress_4.7.2+dfsg-1.dsc 4803e59e54c47a0324c79fc44ab868c1ff71756ce73dc45c37b3303c3af07714 6137000 wordpress_4.7.2+dfsg.orig.tar.xz 4ad9cc6f64ba2ffcbc2f55f535b1e51acdb19bea21a6b81ba56ce94f5517f98e 6777332 wordpress_4.7.2+dfsg-1.debian.tar.xz c28180b1448c8c24a6b86f63be30d39d64cce1d9271e51f02187177e249ba8c1 4382802 wordpress-l10n_4.7.2+dfsg-1_all.deb f3128513019a5239f0b53d0c9a6cfd76b0fb7b63a7800e7e757d28cd230fc898 699592 wordpress-theme-twentyfifteen_4.7.2+dfsg-1_all.deb 20b3b2e34acca79700c7ff3c695f8e6ae6a831438e390f4aa39fa6ee389c1c09 939326 wordpress-theme-twentyseventeen_4.7.2+dfsg-1_all.deb 823bbb7d589d4de223013d5aa082203f4059bb8bbd55b183720658a6bf53e24d 588362 wordpress-theme-twentysixteen_4.7.2+dfsg-1_all.deb 11407af5870054e2511ba3e5e11bbb13bad4c8c9c17a9bc08b72e4013f541f1d 3968852 wordpress_4.7.2+dfsg-1_all.deb 89bf1463c87045823aaa4ca9ef5e2c7a3a52b0b625f02e503d32719ce6aaf2ae 6271 wordpress_4.7.2+dfsg-1_amd64.buildinfo Files: 1c3388d0ff66bc64b8e51cc88476c53a 2539 web optional wordpress_4.7.2+dfsg-1.dsc 33ae0cbabdf6a44db8c54b028e0ce69f 6137000 web optional wordpress_4.7.2+dfsg.orig.tar.xz 9c75d330d906949d8ad3b533270391af 6777332 web optional wordpress_4.7.2+dfsg-1.debian.tar.xz f9bc629469c43211ba6a45d45382bd5a 4382802 localization optional wordpress-l10n_4.7.2+dfsg-1_all.deb 07aed14ce69a283bc5647f0392f199aa 699592 web optional wordpress-theme-twentyfifteen_4.7.2+dfsg-1_all.deb bef63ab1b7f30dd38a3b3aaa858e86a5 939326 web optional wordpress-theme-twentyseventeen_4.7.2+dfsg-1_all.deb c647c0f8566aafe31f5d24741103c831 588362 web optional wordpress-theme-twentysixteen_4.7.2+dfsg-1_all.deb dc9d3ad9c6f0d921d8bc8c6f57349cfe 3968852 web optional wordpress_4.7.2+dfsg-1_all.deb df3fd7d01518984ecf37c34c86d67d91 6271 web optional wordpress_4.7.2+dfsg-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAliNDxAACgkQAiFmwP88 hOMKyxAAlNq0im+QSfmbBhNnBykiomjcNT5UKVDFGN8VOLU/OHiFIpOnUTlbONCX kIme6UmMtk8yHk3QjHck3yGdw13a+FIa9EO8XoL5X/HIW/EZ9IzM3gzdSIsHUXfq yflEx3zPDR1iSV+hbJSj5UbYgE3p0YYjtZqthgHOIfk8Xw88GtJpAlTgcKwN90nc k9JxIPQCVF5dSIQj4vhA+Q/uj61zHmQSCIO8K+XHWSjmj90l5x6LKUAMxfUz0jo7 zy5MGc9Ca5AMwIaVRRM0U3h2rw+2tQ4xKZVjwzm3AHxOtFScicAS7G0/MB7TI4+e AcZGsUokuDgrt16mbRrsRHd7fY8VOLfOgUEssPwKIpv1KPFKRhmomyZX0rUFC0ao z8BXy/5i+o0h2zbgbMVvXyPaWlFt+kHGUdsgkKAIl6e4yTgj0ZzTAp4tNBDRvDs9 KYoTLtDjjOPVdHtFvTPaB1TlW3Bj8z/5izgwXPktHV7gDFaYoQAbk5wWH13GjdSW P8kQIroH8A5Ctp89L46U9J+lHcdlADqCzzXwCSB/0Z6z2C+m2DiGC/fPSLWKKqPa GrwEoYhqXFSfdnu7Ia+rnOKQzsjEAUXCEhjuSTr05T1aXDGvfVYvL29BL/C5ADEm kDRDrRd6Itp8tK+3+BffhiP5UkuLaYWvWm64L6CEQNefnK7Oinc= =PA2m -----END PGP SIGNATURE-----