tag 880528 pending thanks Hello,
Bug #880528 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/collab-maint/wordpress.git/commit/?id=88c9ef8 --- commit 88c9ef8afe03dafa9499cf1065d35a0106fe8d71 Author: Craig Small <csm...@debian.org> Date: Thu Jan 4 18:26:37 2018 +1100 Restore numbered placeholders Apply changeset 42058 to restored nuymbered placeholders in wpdb::prepare() Fixes CVE-2017-16510 diff --git a/debian/changelog b/debian/changelog index b18edcf..aec750c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -16,8 +16,10 @@ wordpress (4.7.5+dfsg-2+deb9u2) stretch-security; urgency=high Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds Changeset 42274 + * Also backport patch for $wpdb->prepare CVE-2017-16510 + Closes: 880528 - -- Craig Small <csm...@debian.org> Sat, 09 Dec 2017 18:13:16 +1100 + -- Craig Small <csm...@debian.org> Thu, 04 Jan 2018 18:19:44 +1100 wordpress (4.7.5+dfsg-2+deb9u1) stretch-security; urgency=medium