-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 28 Apr 2018 22:49:06 +0200 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen Architecture: source all Version: 4.1+dfsg-1+deb8u17 Distribution: jessie-security Urgency: high Maintainer: Craig Small <csmall@debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files Closes: 895034 Changes: wordpress (4.1+dfsg-1+deb8u17) jessie-security; urgency=high . * Non-maintainer upload. * Fix CVE-2018-10100: the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. * Fix CVE-2018-10102: the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. (Closes: #895034) Checksums-Sha1: abd0524fe8c3da6b5be11b02a6515075c1411c73 2702 wordpress_4.1+dfsg-1+deb8u17.dsc 52917f2617ac2c18013e11754f7211e923a99b0f 5897412 wordpress_4.1+dfsg-1+deb8u17.debian.tar.xz b92f5568c353295720e720cb4e369a9e3d6fc477 3172772 wordpress_4.1+dfsg-1+deb8u17_all.deb be26a67c4c5e56d6812506130e0013a29eac521d 4242184 wordpress-l10n_4.1+dfsg-1+deb8u17_all.deb 6d71758a4ddb6c51646b88cdaec4f7b474794b5d 504512 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u17_all.deb 0bdb09fcf0cb44348c6bf375d18c2651dbf59673 805978 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u17_all.deb 1377933c253119281765fbea5192f9e0115e9a57 322872 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u17_all.deb Checksums-Sha256: 523e4e8a5b0f035f99735d0354bd5092e2a378e9ed0cb8e9380dec9a9b2b26d3 2702 wordpress_4.1+dfsg-1+deb8u17.dsc e882087217f24a04133a847adbc66ea14b92ca92a6f1d1b01d0643046edb5618 5897412 wordpress_4.1+dfsg-1+deb8u17.debian.tar.xz 5803fe7d8d35256158bf1a6e1ba72b25b3d2eb8d686316b29f04eae3b451fb91 3172772 wordpress_4.1+dfsg-1+deb8u17_all.deb 427ff88fcc3cc8d3e180261195cd95fa49f171c9c7b28cfa8d8f71c72c47d4bb 4242184 wordpress-l10n_4.1+dfsg-1+deb8u17_all.deb 722a1d8953a32fbc04ca2ccc198f613dbf179477488a3b1d06524931db6c4995 504512 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u17_all.deb d61261e011437ff574780aa39e6c2e0b4806dce91eccf2849b8d9ed8ac87e5d1 805978 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u17_all.deb 26fa626f4ca5d67f5b382ff3c5617a7978882ecc4585f46399e05d9635d9561e 322872 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u17_all.deb Files: bb303f51ad113ab31d300adb40da4460 2702 web optional wordpress_4.1+dfsg-1+deb8u17.dsc bfde339ba7d059062acffcf8778baa99 5897412 web optional wordpress_4.1+dfsg-1+deb8u17.debian.tar.xz 4e2709f80a17c3a0855f79f5bfb18061 3172772 web optional wordpress_4.1+dfsg-1+deb8u17_all.deb bd989cf4405dab02574b7bb3536e83c1 4242184 localization optional wordpress-l10n_4.1+dfsg-1+deb8u17_all.deb 8e4cdee77adc90f832fcc8443d7e3b60 504512 web optional wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u17_all.deb df61bff84f69b6fe312fed157e2bd9bf 805978 web optional wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u17_all.deb 0b5c5fc23d0e350c520c738aed0b9171 322872 web optional wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u17_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlrlzvJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hkuw4P/joXeCGNOMpLL5/BnBhGZ18t7n3UbmOPXGLC G4OehkWZX8/t/AAC89FzLQ66HN1zgDjp4Y6fC0EIlXgqKlX6f5wLaIkjCvaErR6v ebBkkckaIdOwQdDtg0JBp6hTg+d1UxuV3nDle6AyBXjnoUfXdc7KIaSkmw5DIPgH 8yPNxmcjs8ECp2h1C0l4RxxG+fSe20of/GsVgBrY+J2Sxh2IeGrLjWZbT4Gdb4Vn nEgZd7Xe3CzjJsmEFnJZAEXlMsIlJ21JuZictVZYcQNBaYdFuNGstC9+efO+nZ8d sk0TBWLCldgXnkcVSXcHHsoTl51vp3hKlJ7NuQy8vWpQzswMHdT7kKLuf7mip947 aR4Ks0v8sK7tXSc5I6FSPmN1Zr8X1IJ0gXCuHdp7SkXtmIwyXgjWmCkRQd4kPyTK vdGcCBBx+lYX0kSp+qhkrG/CRjKsJsJzmh0SbixsUJfhpeaQI0qWnVv9dtlRcONi N3m9VghAUP+hzTz1wAAMJB1X2xAwR96BsblNadiEORuLX+wVFLodvXWTYG9HuTTC OKQF/M1rlIjal99Rb52Fnul0EvhvFdujIXNIOMRMIds+6NWA25mbMw0GgxoNj6sU GwQLdYn7q7r0N7X5Pu6Izn9J3jnCcl2aXiR9kaunCnN0/xupGxfTa2QoyC5m14KQ M5/BJN4Q =lfdZ -----END PGP SIGNATURE-----