Format: 1.8
Date: Thu, 16 Mar 2017 06:19:41 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u13
Distribution: jessie-security
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentyfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 857026
Changes:
 wordpress (4.1+dfsg-1+deb8u13) jessie-security; urgency=medium
 .
   * Backport patches from 4.7.3 Closes: #857026
     - CVE-2017-6814 Cross-site scripting (XSS) via media file metadata.
       Changeset 40155
     - CVE-2017-6815 Control characters can trick redirect URL validation.
       Changeset 40190
     - CVE-2017-6816 Unintended files can be deleted by administrators
       using the plugin deletion functionality.
       Changeset 40176
     - CVE-2017-6817 Cross-site scripting (XSS) via video URL in YouTube
       embeds.
       Changeset 40167
   * Not vulnerable:
     - CVE-2017-6819 Cross-site request forgery (CSRF) in Press This
       leading to excessive use of server resources.
       Press This introduced in 4.2
     - CVE-2017-6818 Cross-site scripting (XSS) via taxonomy term names.