-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package: wordpress Version: 4.2.3+dfsg-1 Severity: grave Tags: security, fixed-upstream
This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandà of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset. For more information please see: https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ http://openwall.com/lists/oss-security/2015/08/04/5 - -- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJVwLJNAAoJECet96ROqnV08QwQAMJvwXTWaHZssqXCPTo77H1R vXHSu865JrpSjZkBruXA3yJzqefL8u1bCtxAMn1xIMYKCoweHvQyhce1ipBLM5NG CT9XGZUUPrvjAkiwNSkWnwm475ixH8AdsZvUXqQY5Yb2QcA/KBAPjMfu5IS12FTM PN3fg3OKOYgJlaVAzai/He1IMakzPyH9l+7NCa8lr1upJIJ1v5xyMzfTzyZ9hZnW dcpWFcP5/MjvkTGtqyDtc0s/Q5qHJPQEYYGvQTrGo9yo567t6xzjuVSHwWUhnlTT C41RV0VbjpPefhFcuR51wt0mMy77TB+DJh8lMl5XH5zQCE4/YjCPZ356I1EnKJ7g /2Xj0JbovF0b+eK+Xr+7VW8j8npf9gx2QALiQnFXS8EuaE4Aap2xxpDHLlqJiSl2 xK/+u67EnkkO1KRpztMNcSyUxEulQQZnEMD151Sg+8SanbfF5H4cHzea5zf8keTm EtPQ+48loWFe1N1c11xPgKLYU5SqOz5puwKqkzftD4mhnYarUrlulPy+enMVrM0o kMCnIyJWwo90pu3PGs4eT4XLsoxeyZMBJMjo2F6g4+eywl1/Hcw/qKMWi2Cau9IY GYm1KAZXl+X57heGyYj2nmZLidx3D8lX1ypGUtSXkIZ3EU5lZ2ZpGSPxONoYptkg 8HjdESDayI1Z6aHajdj7 =5NXI -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org