-
wordpress (4.8.2+dfsg-2) unstable; urgency=high
* Hash user activation key Closes: #877629
Fixes CVE-2017-14990
-- Craig Small <email address hidden> Wed, 04 Oct 2017 21:59:11 +1100
-
wordpress (4.8.2+dfsg-1) unstable; urgency=high
* New upstream security release fixes 9 security issues closes: #876274
CVE IDs will be updated when issued
- CVE-2017-XXX
$wpdb->prepare() can create unexpected and unsafe queries leading to
potential SQL injection (SQLi)
- CVE-2017-TBA
Cross-site scripting (XSS) vulnerability in the oEmbed discovery
- CVE-2017-TBA
Cross-site scripting (XSS) vulnerability in the visual editor
- CVE-2017-TBA
Path traversal vulnerability in the file unzipping code
- CVE-2017-TBA
Cross-site scripting (XSS) vulnerability in the plugin editor
- CVE-2017-TBA
Open redirect in the user and term edit screens
- CVE-2017-TBA
Path traversal vulnerability in the customizer
- CVE-2017-TBA
Cross-site scripting (XSS) vulnerability in template names
- CVE-2017-TBA
Cross-site scripting (XSS) vulnerability in the link modal
-- Craig Small <email address hidden> Fri, 22 Sep 2017 21:57:06 +1000
-
wordpress (4.8.1+dfsg-1) unstable; urgency=medium
* New upstream release
-- Craig Small <email address hidden> Thu, 03 Aug 2017 21:35:33 +1000
-
wordpress (4.8+dfsg-1) unstable; urgency=medium
* New upstream release
-- Craig Small <email address hidden> Fri, 09 Jun 2017 22:43:40 +1000
-
wordpress (4.7.5+dfsg-2) unstable; urgency=medium
* Don't trust SERVER_NAME variable for emails
CVE-2017-8295 Closes: #862053
-- Craig Small <email address hidden> Mon, 05 Jun 2017 21:45:59 +1000
-
wordpress (4.7.5+dfsg-1) unstable; urgency=high
* New upstream release fixes 6 security issues Closes: #862816
CVEs to be added once issued
- CVE-2017-XXX
Insufficient redirect validation in the HTTP class.
- CVE-2017-XXX
Improper handling of post meta data values in the XML-RPC API.
- CVE-2017-XXX
Lack of capability checks for post meta data in the XML-RPC API.
- CVE-2017-XXX
A Cross Site Request Forgery (CSRF) vulnerability was discovered
in the filesystem credentials dialog.
- CVE-2017-XXX
A cross-site scripting (XSS) vulnerability was discovered when
attempting to upload very large files.
- CVE-2017-XXX
A cross-site scripting (XSS) vulnerability was discovered related
to the Customizer.
-- Craig Small <email address hidden> Wed, 17 May 2017 22:28:18 +1000
-
wordpress (4.7.4+dfsg-1) unstable; urgency=medium
* New upstream maintenance release
-- Craig Small <email address hidden> Sat, 22 Apr 2017 09:01:42 +1000
-
wordpress (4.7.3+dfsg-1) unstable; urgency=high
* New upstream release fixes 6 security issues Closes: #857026
* Will update CVE IDs when available
- CVE-2016-XXX
Cross-site scripting (XSS) via media file metadata.
- CVE-2016-XXX
Control characters can trick redirect URL validation.
- CVE-2016-XXX
Unintended files can be deleted by administrators using the plugin
deletion functionality.
- CVE-2016-XXX
Cross-site scripting (XSS) via video URL in YouTube embeds.
- CVE-2016-XXX
Cross-site scripting (XSS) via taxonomy term names.
- CVE-2016-XXX
Cross-site request forgery (CSRF) in Press This leading to excessive
use of server resources.
-- Craig Small <email address hidden> Tue, 07 Mar 2017 21:59:02 +1100