tag 857026 pending
thanks

Hello,
Bug #857026 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=825b437 --- commit 825b4377310c6b64ffc9707def7393cbbebcb8eb Author: Craig Small <csm...@debian.org> Date: Thu Mar 9 11:35:59 2017 +1100 Backport the 4.7.3 changesets Security fixes for 6 security issues. diff --git a/debian/changelog b/debian/changelog index c06e802..3f85218 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,29 @@ +wordpress (4.1+dfsg-1+deb8u13) UNRELEASED; urgency=medium + + * Backport patches from 4.7.3 Closes: #857026 + - CVE-2016-XXX + Cross-site scripting (XSS) via media file metadata. + Changeset 40155 + - CVE-2016-XXX + Control characters can trick redirect URL validation. + Changeset 40190 + - CVE-2016-XXX + Unintended files can be deleted by administrators using the plugin + deletion functionality. + Changeset 40176 + - CVE-2016-XXX + Cross-site scripting (XSS) via video URL in YouTube embeds. + Chamgeset 40167 + * Not vulnerable: + - CVE-2016-XXX + Cross-site request forgery (CSRF) in Press This leading to excessive + use of server resources. + Press This introduced in 4.2 + - CVE-2016-XXX + Cross-site scripting (XSS) via taxonomy term names. + + -- Craig Small <csm...@debian.org> Wed, 08 Mar 2017 14:26:42 +1100 + wordpress (4.1+dfsg-1+deb8u12) jessie-security; urgency=high * Backport patches from 4.7.1 Closes: #851310
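Review bot: In the "Not vulnerable" block of the new changelog entry, the "Cross-site scripting (XSS) via taxonomy term names" item gives no reason, while the Press This item does ("Press This introduced in 4.2"); add a one-line justification so the claim can be checked against the 4.1 code. All six items carry the same placeholder "CVE-2016-XXX", so none can be matched to an advisory by identifier; replace them with the assigned IDs once known, or make sure every item, including the not-vulnerable ones, is keyed to something unique such as its changeset number. "Chamgeset 40167" should read "Changeset 40167". The commit message says "Security fixes for 6 security issues", but the entry backports four changesets and marks two issues as not affecting this version, so the message should say that. The entry is UNRELEASED with urgency=medium, whereas the previous security upload used jessie-security with urgency=high; confirm the distribution and urgency before release.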