-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 04 Jan 2018 18:19:44 +1100 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen Architecture: source all Version: 4.7.5+dfsg-2+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Craig Small <csmall@debian.org> Changed-By: Craig Small <csmall@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files Closes: 880528 883314 Changes: wordpress (4.7.5+dfsg-2+deb9u2) stretch-security; urgency=high . * Backport security patches from 4.9.1 Closes: #883314 - CVE-2017-17091 Use a properly generated hash for the newbloguser key instead of a determinate substring. Changeset 42272 - CVE-2017-17092 Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability Changeset 42275 - CVE-2017-17093 Add escaping to the language attributes used on html elements Changeset 42273 - CVE-2017-17094 Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds Changeset 42274 * Also backport patch for $wpdb->prepare CVE-2017-16510 Closes: 880528 Checksums-Sha1: 55cb71b5cd94997ba75dbe7bb0e4e33396a6390e 2567 wordpress_4.7.5+dfsg-2+deb9u2.dsc df248276f0f664089b31893d2caada20e98dabf1 6789772 wordpress_4.7.5+dfsg-2+deb9u2.debian.tar.xz 385ea0764ef23cb7e7d1f6dc6760267c56480e70 4381066 wordpress-l10n_4.7.5+dfsg-2+deb9u2_all.deb 435025d32b6ec95a0bb1524d39f9deb87aaf657f 700666 wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u2_all.deb 4c042c43df8db620fbcb2d41c3e83ab8f2202a6d 940400 wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u2_all.deb b39181a1c44506e5ded048ff71bb71ec01f9a359 589388 wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u2_all.deb e61f52bf9556463131077cd1dc45c4f6ce87a421 4001636 wordpress_4.7.5+dfsg-2+deb9u2_all.deb 85c59079a60f85004a4ac9e7c083efbc06775ea7 7445 wordpress_4.7.5+dfsg-2+deb9u2_amd64.buildinfo Checksums-Sha256: 1d2f5008528222dbf7c14a7f31ea487779adbc51b52bb73996b945566c72dcfd 2567 wordpress_4.7.5+dfsg-2+deb9u2.dsc a20936583082cdd5919e0b8c204c74007d8588ce2b60f96e07a6a7e843af1b74 6789772 wordpress_4.7.5+dfsg-2+deb9u2.debian.tar.xz b5b02cbfcf3c6b4c0ca14fe462dca7b55b12cc0fbbe0a062507c7aee7df6f36e 4381066 wordpress-l10n_4.7.5+dfsg-2+deb9u2_all.deb dfeb9ede00697bea5b2006d74d334e9a8c5c18b78e6ac1997ffcf25ed0870d25 700666 wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u2_all.deb 067fa464da20513c7b695eb2e62138161ee0f64710aa919cd117120941bf4648 940400 wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u2_all.deb fa8416e21f1b0bb940a541427b2ba7560f914dd165edf4b8a21bdff654e98f9d 589388 wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u2_all.deb 2521a497c9461bf04cd5bceca1ea6cea641cbc8c7654c70c5f063b08b2c1b52a 4001636 wordpress_4.7.5+dfsg-2+deb9u2_all.deb a4e1690c432675a2944b561c5fdcca179ae95a15105d734a540ac6acdea6bfa1 7445 wordpress_4.7.5+dfsg-2+deb9u2_amd64.buildinfo Files: 2dbec2a04d3b82680024bda07e49d7e7 2567 web optional wordpress_4.7.5+dfsg-2+deb9u2.dsc 35709d7aef2653226f8ed7c338639a5e 6789772 web optional wordpress_4.7.5+dfsg-2+deb9u2.debian.tar.xz f874980bbf4286ec90b4a6bc11d0aacc 4381066 localization optional wordpress-l10n_4.7.5+dfsg-2+deb9u2_all.deb 96362e78e49b6d2f7bb8aedd42d070ec 700666 web optional wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u2_all.deb cd094c5961dcfc0b3fc0cefa0fb3cb98 940400 web optional wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u2_all.deb ac33f61cafadf2011b7f2a33df12c889 589388 web optional wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u2_all.deb 61244d755847cfc450cb8491082f9be2 4001636 web optional wordpress_4.7.5+dfsg-2+deb9u2_all.deb e928e27308338f4bf61b08ee1a5cce70 7445 web optional wordpress_4.7.5+dfsg-2+deb9u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAlpQDa0ACgkQAiFmwP88 hOOrpRAAkgFRFSEVJUQS5xf8CgYRU1IuneIWAEw9kwaZZuhuNglzhaO4jeXoTw0q m6uVbuBfsmonIqw8mTh9oMuGtVvaYs3+TjDnxPPbUo6hUM4qaOqvIP0vimI2fge0 zgqhG6i9hQUNDgONkZtzX4vWDjSuHfGFD+jOzrUKL9f6KCfbZbuSx1B5Y74S2mVG lPYug35oyRLWSjghwf3EJNSoq/5iY3LqQitShsxX3IAC6HEdWiijtYQIcW4NmMak JBtWn5/Y5yLflqubfscSddgWcaG0v4QDcGD89CMZ+QBzK6pc6PDCyBthzUszKXRZ Da5wHWi+OGO5PdGzANPUOeelr9zVr3jnTihIZrVYJybuYr0cUU6cB2JXzTP20yvT BzWzgrxrS2hz3hLOWIi+S5c9kn/8t7e7xCLQ8S5Wv7oiZ1GLgRmWqnFf4AjposGn KZrkX3bw02oAFmFbv1HMjhAgN3VfEqwgRLHb/UPAqq7HqRJ43v0gPuZVSOb7MBV4 h1Xzs4QFaScR0Cg7g8L1kHqccbgkmp4VLSDz3SY4hJj0hDIts/PwZtJve+NViTdc gKJqsbe4IjraBZhIilXjYi85OFVWKQdwQpm62U1NwsDhXcDWep48bV6olkHjvk3f 1eraIYm4YJ1WqGo2sjscqIcQTAnEtT3DE2frjtBXJONxgXvMQok= =SZzV -----END PGP SIGNATURE-----