Format: 1.8
Date: Sat, 07 Oct 2017 07:11:32 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen
Architecture: source all
Version: 4.7.5+dfsg-2+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 876274 877629
Changes:
 wordpress (4.7.5+dfsg-2+deb9u1) stretch-security; urgency=medium
 .
   * Backport patches from 4.8.2 Closes: #876274
     - CVE-2017-14723
       $wpdb->prepare() can create unexpected and unsafe queries leading to
       potential SQL injection (SQLi)
       Changeset 41472, 41498
     - CVE-2017-14724
       Cross-site scripting (XSS) vulnerability in the oEmbed discovery
       Changeset 41451
     - CVE-2017-14726
       Cross-site scripting (XSS) vulnerability in the visual editor
       Changeset 41436
     - CVE-2017-14719
       Path traversal vulnerability in the file unzipping code
       Changeset 41459
     - CVE-2017-14721
       Cross-site scripting (XSS) vulnerability in the plugin editor
       Changeset 41413
     - CVE-2017-14725
       Open redirect in the user and term edit screens
       Changeset 41418
     - CVE-2017-14722
       Path traversal vulnerability in the customizer
       Changeset 41430
     - CVE-2017-14720
       Cross-site scripting (XSS) vulnerability in template names
       Changeset 41413 (same as plugin editor)
     - CVE-2017-14718
       Cross-site scripting (XSS) vulnerability in the link modal
   * Hash user activation key Closes: #877629
     Fixes CVE-2017-14990