Your message dated Fri, 09 Sep 2016 12:19:56 +0000
with message-id <e1bikmi-0000di...@franck.debian.org>
and subject line Bug#837090: fixed in wordpress 4.6.1+dfsg-1
has caused the Debian Bug report #837090,
regarding wordpress: CVE-2016-6896 CVE-2016-6897
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
837090: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837090
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wordpress
Version: 4.5.3+dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
the following vulnerabilities were published for wordpress.
CVE-2016-6896[0] and CVE-2016-6897[1]. It was reported that they at
least affect 4.5.3; no earlier versions were checked so far, since no
full details on the fixes were given. There is more information in [2].
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6896
[1] https://security-tracker.debian.org/tracker/CVE-2016-6897
[2] https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
[3] http://seclists.org/oss-sec/2016/q3/341
Could you please have a look at those, and please adjust the affected
versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 4.6.1+dfsg-1
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 837...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <csm...@debian.org> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 09 Sep 2016 21:56:22 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen
wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen
Architecture: source all
Version: 4.6.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Craig Small <csm...@debian.org>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 837090
Changes:
wordpress (4.6.1+dfsg-1) unstable; urgency=medium
.
* New upstream security release, Closes: #837090, fixes CVE-2016-6896 and
CVE-2016-6897
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---