Source: wordpress Version: 4.5.2+dfsg-2 Severity: important Tags: security Various security fixes in wordpress 4.5.3
CVE-2016-5832 - redirect bypass in the customizer, reported by Yassine Aboukir; CVE-2016-5833 - XSS problem via attachment name reported by Jouko Pynnonen CVE-2016-5834 - XSS problem via attachment name reported by Divyesh Prajapati CVE-2016-5835 - revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen from the Wordfence Research Team; CVE-2016-5836 - oEmbed denial of service reported by Jennifer Dodd from Automattic; CVE-2016-5837 - unauthorized category removal from a post, reported by David Herrera from Alley Interactive; CVE-2016-5838 - password change via stolen cookie, reported by Michael Adams from the WordPress security team; CVE-2016-5839 - and some less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.4.0-1-amd64 (SMP w/6 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
