Changelog
wordpress (4.7.5+dfsg-1) unstable; urgency=high
* New upstream release fixes 6 security issues Closes: #862816
CVEs to be added once issued
- CVE-2017-XXX
Insufficient redirect validation in the HTTP class.
- CVE-2017-XXX
Improper handling of post meta data values in the XML-RPC API.
- CVE-2017-XXX
Lack of capability checks for post meta data in the XML-RPC API.
- CVE-2017-XXX
A Cross Site Request Forgery (CRSF) vulnerability was discovered
in the filesystem credentials dialog.
- CVE-2017-XXX
A cross-site scripting (XSS) vulnerability was discovered when
attempting to upload very large files.
- CVE-2017-XXX
A cross-site scripting (XSS) vulnerability was discovered related
to the Customizer.
-- Craig Small <email address hidden> Wed, 17 May 2017 22:28:18 +1000