Craig Small <[email protected]> uploaded new packages for wordpress
which fixed the following security problems:
CVE-2016-10066, CVE-2016-10045
Potential Remote Command Execution (RCE) in PHPMailer
CVE-2017-5488
Authenticated Cross-Site scripting (XSS) in update-core.php
CVE-2017-5490
Stored Cross-Site Scripting (XSS) via Theme Name fallback
CVE-2017-5491
Post via Email Checks mail.example.com by Default
CVE-2017-5492
Accessibility Mode Cross-Site Request Forgery (CSRF)
CVE-2017-5493
Cryptographically Weak Pseudo-Random Number Generator
CVE-2017-5487
User Information Disclosure via REST API - API doesn't exist
CVE-2017-5489
Cross-Site Request Forgery (CSRF) via Flash Upload
For the jessie-backports distribution the problems have been fixed in
version 4.7.1+dfsg-1~bpo8+1
Attachment:
signature.asc
Description: PGP signature