wordpress 4.7.5+dfsg-2+deb9u2 source package in Debian

Changelog

wordpress (4.7.5+dfsg-2+deb9u2) stretch-security; urgency=high

  * Backport security patches from 4.9.1 Closes: #883314
    - CVE-2017-17091
      Use a properly generated hash for the newbloguser key instead
      of a determinate substring.
      Changeset 42272
    - CVE-2017-17092
      Remove the ability to upload JavaScript files for users who
      do not have the unfiltered_html capability
      Changeset 42275
    - CVE-2017-17093
      Add escaping to the language attributes used on html elements
      Changeset 42273
    - CVE-2017-17094
      Ensure the attributes of enclosures are correctly escaped in
      RSS and Atom feeds
      Changeset 42274
  * Also backport patch for $wpdb->prepare CVE-2017-16510
    Closes: 880528

 -- Craig Small <email address hidden>  Thu, 04 Jan 2018 18:19:44 +1100

Upload details

Uploaded by:
Craig Small
Uploaded to:
Stretch
Original maintainer:
Craig Small
Architectures:
all
Section:
web
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
wordpress_4.7.5+dfsg-2+deb9u2.dsc 2.5 KiB 1d2f5008528222dbf7c14a7f31ea487779adbc51b52bb73996b945566c72dcfd
wordpress_4.7.5+dfsg.orig.tar.xz 6.0 MiB a21bc1f4042bbd77eb1ddef2cdcd3fb60f121835cf5d219a6e12a2d06a839b7f
wordpress_4.7.5+dfsg-2+deb9u2.debian.tar.xz 6.5 MiB a20936583082cdd5919e0b8c204c74007d8588ce2b60f96e07a6a7e843af1b74

No changes file available.

Binary packages built by this source