Source: wordpress
Version: 4.5.3+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerabilities were published for wordpress.

CVE-2016-6896[0] and CVE-2016-6897[1].

It was reported that they at least affect 4.5.3; no earlier versions were checked so far, since no full details on the fixes were given. There is more information in [2].

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6896
[1] https://security-tracker.debian.org/tracker/CVE-2016-6897
[2] https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
[3] http://seclists.org/oss-sec/2016/q3/341

Could you please have a look at those, and please adjust the affected versions in the BTS as needed.

Regards,
Salvatore