Your message dated Sun, 12 Feb 2017 22:17:34 +0000
with message-id <e1cd2sc-000awy...@fasolo.debian.org>
and subject line Bug#852767: fixed in wordpress 4.1+dfsg-1+deb8u12
has caused the Debian Bug report #852767,
regarding wordpress: 4.7.2 security release (CVE-2017-5610 CVE-2017-5611
CVE-2017-5612)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
852767: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852767
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wordpress
Version: 4.7.1+dfsg-1
Severity: grave
Tags: security upstream fixed-upstream
Hi
A new wordpress release was announced, marked as security release.
Cf. http://www.openwall.com/lists/oss-security/2017/01/27/2 for the
CVE request for the three issues.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 4.1+dfsg-1+deb8u12
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 852...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <csm...@debian.org> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 29 Jan 2017 08:53:11 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen
wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u12
Distribution: jessie-security
Urgency: high
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Craig Small <csm...@debian.org>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 851310 852767
Changes:
 wordpress (4.1+dfsg-1+deb8u12) jessie-security; urgency=high
 .
   * Backport patches from 4.7.1 Closes: #851310
     - CVE-2016-10066
       Potential Remote Command Execution (RCE) in PHPMailer
     - CVE-2017-5488
       Authenticated Cross-Site scripting (XSS) in update-core.php
     - CVE-2017-5490
       Stored Cross-Site Scripting (XSS) via Theme Name fallback
     - CVE-2017-5491
       Post via Email Checks mail.example.com by Default
     - CVE-2017-5492
       Accessibility Mode Cross-Site Request Forgery (CSRF)
     - CVE-2017-5493
       Cryptographically Weak Pseudo-Random Number Generator
     - CVE-2017-5489
       Cross-Site Request Forgery (CSRF) via Flash Upload
       Changesets 39838 and 39857, thanks Seb <s...@debian.org>
   * Backport patches from 4.7.2 Closes: #852767
     - CVE-2017-5610
       The user interface for assigning taxonomy terms in Press This is
       shown to users who do not have permissions to use it.
       Changeset 39976
     - CVE-2017-5611
       WP_Query is vulnerable to a SQL injection (SQLi)
       Changeset 39962
     - CVE-2017-5612
       XSS in the posts list table
       Changeset 39985
   * Not vulnerable
     - CVE-2017-5487
       User Information Disclosure via REST API - API doesn't exist
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---