wordpress 4.7.5+dfsg-2+deb9u1 source package in Debian

Changelog

wordpress (4.7.5+dfsg-2+deb9u1) stretch-security; urgency=medium

  * Backport patches from 4.8.2 Closes: #876274
     - CVE-2017-14723
       $wpdb->prepare() can create unexpected and unsafe queries leading to
       potential SQL injection (SQLi)
       Changeset 41472, 41498
     - CVE-2017-14724
       Cross-site scripting (XSS) vulnerability in the oEmbed discovery
       Changeset 41451
     - CVE-2017-14726
       Cross-site scripting (XSS) vulnerability in the visual editor
       Changeset 41436
     - CVE-2017-14719
       Path traversal vulnerability in the file unzipping code
       Changeset 41459
     - CVE-2017-14721
       Cross-site scripting (XSS) vulnerability in the plugin editor
       Changeset 41413
     - CVE-2017-14725
       Open redirect in the user and term edit screens
       Changeset 41418
     - CVE-2017-14722
       Path traversal vulnerability in the customizer
       Changeset 41430
     - CVE-2017-14720
       Cross-site scripting (XSS) vulnerability in template names
       Changeset 41413 (same as plugin editor)
     - CVE-2017-14718
       Cross-site scripting (XSS) vulnerability in the link modal
  * Hash user activation key Closes: #877629
    Fixes CVE-2017-14990

 -- Craig Small <email address hidden>  Sat, 07 Oct 2017 07:11:32 +1100