Craig Small <csmall@debian.org> uploaded new packages for wordpress which fixed the following security problems: CVE-2016-10066, CVE-2016-10045 Potential Remote Command Execution (RCE) in PHPMailer CVE-2017-5488 Authenticated Cross-Site scripting (XSS) in update-core.php CVE-2017-5490 Stored Cross-Site Scripting (XSS) via Theme Name fallback CVE-2017-5491 Post via Email Checks mail.example.com by Default CVE-2017-5492 Accessibility Mode Cross-Site Request Forgery (CSRF) CVE-2017-5493 Cryptographically Weak Pseudo-Random Number Generator CVE-2017-5487 User Information Disclosure via REST API - API doesn't exist CVE-2017-5489 Cross-Site Request Forgery (CSRF) via Flash Upload For the jessie-backports distribution the problems have been fixed in version 4.7.1+dfsg-1~bpo8+1
Attachment:
signature.asc
Description: PGP signature