Debian
wordpress package

wordpress 4.1+dfsg-1+deb8u14 source package in Debian

Changelog

wordpress (4.1+dfsg-1+deb8u14) jessie-security; urgency=medium

  * Backport patches from 4.7.5 Closes: #862816
   - CVE-2017-9062
     Improper handling of post meta data values in the XML-RPC API.
     Changeset 40699
   - CVE-2017-9065
     Lack of capability checks for post meta data in the XML-RPC API.
     Changeset 40684
   - CVE-2017-9064
     A Cross Site Request Forgery (CRSF) vulnerability was discovered
     in the filesystem credentials dialog.
     Changeset 40730
   - CVE-2017-9061
     A cross-site scripting (XSS) vulnerability was discovered when
     attempting to upload very large files.
     Changeset 40743
   - CVE-2017-9063
     A cross-site scripting (XSS) vulnerability was discovered related
     to the Customizer.
     Changeset 40711
  * CVE-2017-9066 not fixed as the relevant code has changed dramatically
    and there is no upstream patch for it.
    Insufficient redirect validation in the HTTP class.
  * CVE-2017-8295 Don't use client-provided data to form password reset
    from email address, from WordPress ticket #23239 Closes: #862053

 -- Craig Small <email address hidden>  Wed, 24 May 2017 22:24:48 +1000

Upload details

Uploaded by:
Craig Small
Uploaded to:
Jessie
Original maintainer:
Craig Small
Architectures:
all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
wordpress_4.1+dfsg-1+deb8u14.dsc 2.2 KiB 609a1a1e165605c45aed4374962112511f5d2b51c2a22c3a4c2db39247bdcfa2
wordpress_4.1+dfsg.orig.tar.xz 4.5 MiB 11ca9ce2f5b05866df9521a50b8be22ac2315f652aa95ba49bdb202c5dda4954
wordpress_4.1+dfsg-1+deb8u14.debian.tar.xz 5.8 MiB 3e661549549ed624dcae24c794f95e61d3092edcb8e8676fdfb045a7ba1ddead

No changes file available.

Binary packages built by this source