Debian
wordpress package

wordpress 4.1+dfsg-1+deb8u13 source package in Debian

Changelog

wordpress (4.1+dfsg-1+deb8u13) jessie-security; urgency=medium

  * Backport patches from 4.7.3 Closes: #857026
    - CVE-2017-6814
      Cross-site scripting (XSS) via media file metadata.
      Changeset 40155
    - CVE-2017-6815
      Control characters can trick redirect URL validation.
      Changeset 40190
    - CVE-2017-6816
      Unintended files can be deleted by administrators using the plugin
      deletion functionality.
      Changeset 40176
    - CVE-2017-6817
      Cross-site scripting (XSS) via video URL in YouTube embeds.
      Chamgeset 40167
  * Not vulnerable:
    - CVE-2017-6819
      Cross-site request forgery (CSRF) in Press This leading to excessive
      use of server resources.
      Press This introduced in 4.2
    - CVE-2017-6818
      Cross-site scripting (XSS) via taxonomy term names.

 -- Craig Small <email address hidden>  Thu, 16 Mar 2017 06:19:41 +1100

Upload details

Uploaded by:
Craig Small
Uploaded to:
Jessie
Original maintainer:
Craig Small
Architectures:
all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
wordpress_4.1+dfsg-1+deb8u13.dsc 2.5 KiB 2b3ac02a5a019fe03e517e1ee27bcbdb96c2bd4eae37cc71b8696798f36fef1b
wordpress_4.1+dfsg.orig.tar.xz 4.5 MiB 11ca9ce2f5b05866df9521a50b8be22ac2315f652aa95ba49bdb202c5dda4954
wordpress_4.1+dfsg-1+deb8u13.debian.tar.xz 5.9 MiB 6b84b39fc797e68864d08bfe6e11f455cc18a5b098d8f93d31f03429c4a368f3

No changes file available.

Binary packages built by this source