tag 862816 pending
thanks

Hello,
Bug #862816 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/collab-maint/wordpress.git/commit/?id=0050c31 --- commit 0050c31bc2ea93652dc0b65bd10cedd9a415153b Author: Craig Small <csm...@debian.org> Date: Thu May 18 22:52:59 2017 +1000 changelog 4.7.5 security changesets identified diff --git a/debian/changelog b/debian/changelog index eef259f..963f83e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,31 @@ +wordpress (4.1+dfsg-1+deb8u14) UNRELEASED; urgency=medium + + * Backport patches from 4.7.5 Closes: #862816 + CVEs to be added once issued + - CVE-2017-XXX + Insufficient redirect validation in the HTTP class. + (may not be vulnerable, no patch found) + - CVE-2017-XXX + Improper handling of post meta data values in the XML-RPC API. + Changeset 40699 + - CVE-2017-XXX + Lack of capability checks for post meta data in the XML-RPC API. + Changeset 40684 + - CVE-2017-XXX + A Cross Site Request Forgery (CRSF) vulnerability was discovered + in the filesystem credentials dialog. + Changeset 40730 + - CVE-2017-XXX + A cross-site scripting (XSS) vulnerability was discovered when + attempting to upload very large files. + Changeset 40743 + - CVE-2017-XXX + A cross-site scripting (XSS) vulnerability was discovered related + to the Customizer. + Changeset 40711 + + -- Craig Small <csm...@debian.org> Thu, 18 May 2017 22:34:52 +1000 + wordpress (4.1+dfsg-1+deb8u13) jessie-security; urgency=medium * Backport patches from 4.7.3 Closes: #857026
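Review bot: The first item of the new 4.1+dfsg-1+deb8u14 entry (insufficient redirect validation in the HTTP class) is marked "may not be vulnerable, no patch found" and is the only item without a changeset, yet it sits under "Backport patches from 4.7.5", so the entry does not say whether this upload addresses it. State the outcome explicitly once it is known, or move the item out of the list of backported fixes. All six items also carry the identical placeholder "CVE-2017-XXX", which leaves the changeset number as the only way to tell them apart; replace each with its assigned ID before the distribution is changed from UNRELEASED. In the filesystem credentials dialog item, "CRSF" should read "CSRF".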