-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 20 Oct 2017 18:44:24 -0300 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen Architecture: all source Version: 4.7.5+dfsg-2+deb9u1~bpo8+1 Distribution: jessie-backports Urgency: medium Maintainer: Craig Small <csmall@debian.org> Changed-By: Rodrigo Campos <rodrigo@sdfg.com.ar> Closes: 876274 877629 Description: wordpress-l10n - weblog manager - language files wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files wordpress - weblog manager Changes: wordpress (4.7.5+dfsg-2+deb9u1~bpo8+1) jessie-backports; urgency=medium . * Rebuild stretch version for jessie-backports. * Fixes security issues, see 4.7.5+dfsg-2+deb9u1 entry . wordpress (4.7.5+dfsg-2+deb9u1) stretch-security; urgency=medium . * Backport patches from 4.8.2 Closes: #876274 - CVE-2017-14723 $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) Changeset 41472, 41498 - CVE-2017-14724 Cross-site scripting (XSS) vulnerability in the oEmbed discovery Changeset 41451 - CVE-2017-14726 Cross-site scripting (XSS) vulnerability in the visual editor Changeset 41436 - CVE-2017-14719 Path traversal vulnerability in the file unzipping code Changeset 41459 - CVE-2017-14721 Cross-site scripting (XSS) vulnerability in the plugin editor Changeset 41413 - CVE-2017-14725 Open redirect in the user and term edit screens Changeset 41418 - CVE-2017-14722 Path traversal vulnerability in the customizer Changeset 41430 - CVE-2017-14720 Cross-site scripting (XSS) vulnerability in template names Changeset 41413 (same as plugin editor) - CVE-2017-14718 Cross-site scripting (XSS) vulnerability in the link modal * Hash user activation key Closes: #877629 Fixes CVE-2017-14990 Checksums-Sha1: 90a156091be7b3818c317386182340152cbc7fca 2668 wordpress_4.7.5+dfsg-2+deb9u1~bpo8+1.dsc dcda056d8ee1c3287258043dc600b8bbe9e2a944 6785784 wordpress_4.7.5+dfsg-2+deb9u1~bpo8+1.debian.tar.xz af055acba8d47613261455e6d4c10749fe1122e7 5952 wordpress_4.7.5+dfsg-2+deb9u1~bpo8+1_source.buildinfo dae3692ba46934aade6018dd03729133fd774b26 4008472 wordpress_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb 70dfe51311723e15322c5435f34e2bde0b78d1ca 4448298 wordpress-l10n_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb 744359e164f394b173c75062c7ec3a91e0cdf121 589532 wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb 6b6d963d145b91b5e62ad818ccd32d960991bc8a 700696 wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb 482ab506375cb12a1927149370317ba75a8406e7 941176 wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb Checksums-Sha256: bd862b4c6118a83f1583e14b2e6977ac8cdea362d4eec1fc51f22d9b83b84e69 2668 wordpress_4.7.5+dfsg-2+deb9u1~bpo8+1.dsc e95b9e532d51c2383a15f07840dc8c68727b3637c64c3e9c5403174b7b79364b 6785784 wordpress_4.7.5+dfsg-2+deb9u1~bpo8+1.debian.tar.xz 63e0d6371ae673363ed84321267764414455364c3af5ed1b43cd3d1765c524e5 5952 wordpress_4.7.5+dfsg-2+deb9u1~bpo8+1_source.buildinfo afede3239a5d0d1c4d5b9835ba09e7d5ff9385aea04dab16a6f36c2ee37794c5 4008472 wordpress_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb 6ad73aeba7c356ea1cbf222753ea2d269bb6ec2027ebcccc4031afe22fee877b 4448298 wordpress-l10n_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb a65f8abf3a31cf174dc2608c001c30da7c960df3ea035e3e7c957a66227e22e6 589532 wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb 120619e62663f5a37631589bdfb292b7088abbc0014108414e9d51098d8a0e54 700696 wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb 8bd0fdedb4a64ed1563a943fd3120acf4016013ba57e92349612acd028bb4c20 941176 wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb Files: 88ba1a404eb9ce39fbe90c6c1c1367ad 2668 web optional wordpress_4.7.5+dfsg-2+deb9u1~bpo8+1.dsc 7dea6b33b10716bba7a85731d4f82604 6785784 web optional wordpress_4.7.5+dfsg-2+deb9u1~bpo8+1.debian.tar.xz 4bab82acec769f1cc79893e024d147e6 5952 web optional wordpress_4.7.5+dfsg-2+deb9u1~bpo8+1_source.buildinfo dd706b237fb9f8bee52915412fc0e5e4 4008472 web optional wordpress_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb 8157a91e685dca2c289be9e047383a33 4448298 localization optional wordpress-l10n_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb a3bb6bc4fe42e8146664b12cf26d1571 589532 web optional wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb 8ee5c9dd32c3734a3b69520bbdbce4de 700696 web optional wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb 9bfcd60005cedfb44c6c0b42119cd1ce 941176 web optional wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u1~bpo8+1_all.deb -----BEGIN PGP SIGNATURE----- iQJBBAEBCAArFiEEy0llJ/kAnyscGnbawAV+cU1pT7IFAlodWekNHGRvbUBlYXJ0 aC5saQAKCRDABX5xTWlPsnEKEACy1KMBIGAqCP5aTcYXMSqtp9xbGS+EylZKWF7D 9VB7VFS+6OI3avRhNw0KVKOCCa0WAt0LswhHCSKi09i3Gmyj8pnGi4PKcK15M2/h tFYm84RuJm6gWoRNwjIDyRbr+gnyExCkO3WV4XUjbGwSzKIydKSD7l6i8l9p/LQY ly/nIxtNiM70WbOl7EfyIHPaIyeTMljYzd97x/H+uXqfEy4AdW9lLVLIU4ATOYJy VX5T37qpi+luSoif7NFmFhqHdceERHpJNek94U1Eec70cxLZZQTwHb9TKUWYj80U tBl24ZMvgvUJKc96m5JecngqKnNVJAgEisz0HSg0WxZTHYD7FJGlzcf8YxvmbIQ1 MGYZ17XRbmRdGSdPCOblSy39AkWiab4jnxeqnNOzNNG/eSwK0M4X3tkgrlUCSU/c JaA29KNompPBROU+c17RuOCPd8ckmfkzsx0hpZxQZeUziZw/rNL07c6UR+0C0jJn nxlC765/ANTwR5NU718hODF1OXmLxSBXvR/Kw5I9zuMWPTU4Hqg7tnZ2HNxnn2cB k2A17+OPWIU2x9CEhroryL3v33vdRVDjldhf2lfPp3d/tLyxekMDKz/XaY4VnAbA OsfatMt3khgXbgN6cbkrGizz+7lzWTw62MmX3L15YMfEei384bU5H1WpkB8r2Ecj IO9tTA== =++q+ -----END PGP SIGNATURE-----