Accepted wordpress 4.1.25+dfsg-1+deb8u1 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 11 Feb 2019 12:13:40 +0100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1.25+dfsg-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentyfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Changes:
 wordpress (4.1.25+dfsg-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-20147:
     Authors could modify metadata to bypass intended restrictions on deleting files.
   * Fix CVE-2018-20148:
     Contributors could conduct PHP object injection attacks via crafted
     metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of
     serialized data at phar:// URLs in the wp_get_attachment_thumb_file
     function in wp-includes/post.php.
   * Fix CVE-2018-20149:
     When the Apache HTTP Server is used, authors could upload crafted files
     that bypass intended MIME type restrictions, leading to XSS, as
     demonstrated by a .jpg file without JPEG data.
   * Fix CVE-2018-20150:
     Crafted URLs could trigger XSS for certain use cases involving plugins.
   * Fix CVE-2018-20151:
     The user-activation page could be read by a search engine's web crawler if
     an unusual configuration were chosen. The search engine could then index
     and display a user's e-mail address and (rarely) the password that was
     generated by default.
   * Fix CVE-2018-20152:
     Authors could bypass intended restrictions on post types via crafted input.
   * Fix CVE-2018-20153:
     Contributors could modify new comments made by users with greater
     privileges, possibly causing XSS.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----