[ubuntu/zesty-proposed] wordpress 4.7.3+dfsg-1 (Accepted)

Tue Mar 7 20:22:50 UTC 2017

wordpress (4.7.3+dfsg-1) unstable; urgency=high

  * New upstream release fixes 6 security issues Closes: #857026
  * Will update CVE IDs when available
    - CVE-2016-XXX
      Cross-site scripting (XSS) via media file metadata.
    - CVE-2016-XXX
      Control characters can trick redirect URL validation.
    - CVE-2016-XXX
      Unintended files can be deleted by administrators using the plugin
      deletion functionality.
    - CVE-2016-XXX
      Cross-site scripting (XSS) via video URL in YouTube embeds.
    - CVE-2016-XXX
      Cross-site scripting (XSS) via taxonomy term names.
    - CVE-2016-XXX
      Cross-site request forgery (CSRF) in Press This leading to excessive
      use of server resources.

Date: 2017-03-07 16:20:40.281525+00:00
Changed-By: Craig Small <csmall at debian.org>
Signed-By: Jeremy Bicha <jeremy at bicha.net>
https://launchpad.net/ubuntu/+source/wordpress/4.7.3+dfsg-1
-------------- next part --------------
Sorry, changesfile not available.