-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 27 Apr 2018 14:22:14 +0200 Source: wordpress Binary: wordpress wordpress-l10n Architecture: source all Version: 3.6.1+dfsg-1~deb7u21 Distribution: wheezy-security Urgency: high Maintainer: Giuseppe Iuculano <iuculano@debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files Changes: wordpress (3.6.1+dfsg-1~deb7u21) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-10100: the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. * Fix CVE-2018-10102: the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. Checksums-Sha1: 0d4ce4c7fa31978d1148ba85d20b6960ca942d2d 2502 wordpress_3.6.1+dfsg-1~deb7u21.dsc c08807dae6551813d7fcfb825cb01098028be4f4 5159392 wordpress_3.6.1+dfsg-1~deb7u21.debian.tar.xz 022077e6998982d9774d3bec82c1efd443620615 3950908 wordpress_3.6.1+dfsg-1~deb7u21_all.deb aa240f24810bf8f4b42327f2092947d320f82986 8895968 wordpress-l10n_3.6.1+dfsg-1~deb7u21_all.deb Checksums-Sha256: b550196564c5c8183fb0792768a6233711a809a5681d07a211171a8b8a1db321 2502 wordpress_3.6.1+dfsg-1~deb7u21.dsc e8da6b4465731b55b4486d33c6e32e7e085b2756281e5e6b0b911ba07bb21090 5159392 wordpress_3.6.1+dfsg-1~deb7u21.debian.tar.xz fa41af69e19e1f4eaa5e75494410a35d559ab2d29d6885e504282b08365d3c17 3950908 wordpress_3.6.1+dfsg-1~deb7u21_all.deb 5c914b0d14a20497b36c235852821e38f5ce80a65132791fa11b6d4086325ec7 8895968 wordpress-l10n_3.6.1+dfsg-1~deb7u21_all.deb Files: cd3f89e0565c9e9635f0d2dccdcc013f 2502 web optional wordpress_3.6.1+dfsg-1~deb7u21.dsc b70eef31e9877da45dce7c0c3eeb6ba4 5159392 web optional wordpress_3.6.1+dfsg-1~deb7u21.debian.tar.xz c132095dc3ccf99096c1d8b5d7e8eb35 3950908 web optional wordpress_3.6.1+dfsg-1~deb7u21_all.deb 1fa472b52ebf4a38245e46d58b0c4df3 8895968 localization optional wordpress-l10n_3.6.1+dfsg-1~deb7u21_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlrjKqpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkcpcP/iyh3FzvLHFkuBjhRz0nLNcG2+tNxFXt9+VN /K/OABYq527tQrNnHIxQ3Ma9aW6joc9xB/LPQCjQHxFniy39zxvSYGOwW2TB0FCc xGS7YVl+szgBzlmfSMLxqUGaYjdaEp/kdtDFRHE4yiFUIqarIeuHi1EuxyjC1nfs uVa9KCyxoj8FaH5ODMb/tue6WWw9fRWb/fG2G/JZz4oznZ5NiIFC9Xka6Whk2Z1g acGbeg9/BoiegoCm79q3RrjFp92TJWdpfBtzkdZ03e93cQ16YwgsLmQNAfh6GhpY XuPOWbyXpRinbNkEzSnB3lxTURJWx2sn0pkTzk0qGa54VMU2x2CLU5445AD15uZa Z8bpO91gubcRGQ33vlpUE5pyLAH3e3KMnY7xtJzYZ5ildhpO2wzpXvlX4F4HT7ZK N1xtLoE25NwrWIXOmbLuhv51uejJEgcgIFNt5B0fBIRl3WOPyJuQTsyG27MHLtfF pMsXjgCrk0FOufB3lF9xbuqNWC/ZkhIH1y/E0FMMCMAhk05GtIgfEAzRwQPbvYl0 OEIc1vGwUp1tbEgQ8imfK8HceVGb3e0CQjmZCxOx3YonHrkUJOdPi2YUzhcNXZVH 2R1MIbvOEQYBYC1h9M1uF39zeY4Tcrr1hprk9dI4OJVYAE8JgL11S24tYko7+OZw n+ti/tf3 =DaNg -----END PGP SIGNATURE-----