[BSA-114] Security update for wordpress

To: debian-backports-announce@lists.debian.org
Cc: Rodrigo Campos <rodrigo@sdfg.com.ar>
Subject: [BSA-114] Security update for wordpress
From: Craig Small <csmall@debian.org>
Date: Mon, 23 Jan 2017 18:39:04 +1100
Message-id: <[🔎] 20170123073904.smt5him4toexhfzg@enc.com.au>
Mail-followup-to: Craig Small <csmall@debian.org>, debian-backports-announce@lists.debian.org, Rodrigo Campos <rodrigo@sdfg.com.ar>

Craig Small <csmall@debian.org> uploaded new packages for wordpress
which fixed the following security problems:

CVE-2016-10066, CVE-2016-10045
  Potential Remote Command Execution (RCE) in PHPMailer
CVE-2017-5488
  Authenticated Cross-Site scripting (XSS) in update-core.php
CVE-2017-5490
  Stored Cross-Site Scripting (XSS) via Theme Name fallback
CVE-2017-5491
  Post via Email Checks mail.example.com by Default
CVE-2017-5492
  Accessibility Mode Cross-Site Request Forgery (CSRF)
CVE-2017-5493
  Cryptographically Weak Pseudo-Random Number Generator
CVE-2017-5487
  User Information Disclosure via REST API - API doesn't exist
CVE-2017-5489
  Cross-Site Request Forgery (CSRF) via Flash Upload

For the jessie-backports distribution the problems have been fixed in
version 4.7.1+dfsg-1~bpo8+1

Attachment: signature.asc
Description: PGP signature

Reply to:

Next by Date: [BSA-112] Security Update for iucode-tool
Next by thread: [BSA-112] Security Update for iucode-tool
Index(es):
- Date
- Thread