wordpress 4.7.5+dfsg-2+deb9u1 source package in Debian

Changelog

wordpress (4.7.5+dfsg-2+deb9u1) stretch-security; urgency=medium

  * Backport patches from 4.8.2 Closes: #876274
     - CVE-2017-14723
       $wpdb->prepare() can create unexpected and unsafe queries leading to
       potential SQL injection (SQLi)
       Changeset 41472, 41498
     - CVE-2017-14724
       Cross-site scripting (XSS) vulnerability in the oEmbed discovery
       Changeset 41451
     - CVE-2017-14726
       Cross-site scripting (XSS) vulnerability in the visual editor
       Changeset 41436
     - CVE-2017-14719
       Path traversal vulnerability in the file unzipping code
       Changeset 41459
     - CVE-2017-14721
       Cross-site scripting (XSS) vulnerability in the plugin editor
       Changeset 41413
     - CVE-2017-14725
       Open redirect in the user and term edit screens
       Changeset 41418
     - CVE-2017-14722
       Path traversal vulnerability in the customizer
       Changeset 41430
     - CVE-2017-14720
       Cross-site scripting (XSS) vulnerability in template names
       Changeset 41413 (same as plugin editor)
     - CVE-2017-14718
       Cross-site scripting (XSS) vulnerability in the link modal
  * Hash user activation key Closes: #877629
    Fixes CVE-2017-14990

 -- Craig Small <email address hidden>  Sat, 07 Oct 2017 07:11:32 +1100

Upload details

Uploaded by:
Craig Small
Uploaded to:
Stretch
Original maintainer:
Craig Small
Architectures:
all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
wordpress_4.7.5+dfsg-2+deb9u1.dsc 2.5 KiB 37ba9d3c65c8f242019ab92e1c896c8bbb7f6ef376f4805eff8f233ab82d869b
wordpress_4.7.5+dfsg.orig.tar.xz 6.0 MiB a21bc1f4042bbd77eb1ddef2cdcd3fb60f121835cf5d219a6e12a2d06a839b7f
wordpress_4.7.5+dfsg-2+deb9u1.debian.tar.xz 6.5 MiB b610d6c3784f29ce1344c107d0b39029bef293c08adbad357263d2d6bf7f4f6d

No changes file available.

Binary packages built by this source