
[SECURITY] [DLA 294-1] wordpress security update

Package        : wordpress
Version        : 3.6.1+dfsg-1~deb6u7
CVE ID         : CVE-2015-2213 CVE-2015-5622 CVE-2015-5731 CVE-2015-5732 

Several vulnerabilities have been fixed in WordPress, the popular
blogging engine.


    SQL Injection allowed a remote attacker to compromise the site.


    The robustness of the shortcodes HTML tags filter has been
    improved. The parsing is a bit more strict, which may affect
    your installation. This is the corrected version of the patch
    that needed to be reverted in DSA 3328-2.


    An attacker could lock a post that was being edited.


    Cross-site scripting in a widget title allows an attacker to
    steal sensitive information.


    Fix some broken links in the legacy theme preview.

The issues were discovered by Marc-Alexandre Montpas of Sucuri, Helen
Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point,
Ivan Grigorov, Johannes Schmitt of Scrutinizer and Mohamed A. Baset.

We recommend that you upgrade your wordpress packages.
