[BSA-114] Security update for wordpress

2017-01-27T10:20:28
ID DEBIAN:BSA-114:66705
Type debian
Reporter Debian
Modified 2017-01-27T10:20:28

Description

Craig Small <csmall@debian.org> uploaded new packages for wordpress which fixed the following security problems:

CVE-2016-10066, CVE-2016-10045 Potential Remote Command Execution (RCE) in PHPMailer CVE-2017-5488 Authenticated Cross-Site scripting (XSS) in update-core.php CVE-2017-5490 Stored Cross-Site Scripting (XSS) via Theme Name fallback CVE-2017-5491 Post via Email Checks mail.example.com by Default CVE-2017-5492 Accessibility Mode Cross-Site Request Forgery (CSRF) CVE-2017-5493 Cryptographically Weak Pseudo-Random Number Generator CVE-2017-5487 User Information Disclosure via REST API - API doesn't exist CVE-2017-5489 Cross-Site Request Forgery (CSRF) via Flash Upload

For the jessie-backports distribution the problems have been fixed in version 4.7.1+dfsg-1~bpo8+1