-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : wordpress Version : 3.6.1+dfsg-1~deb7u15 CVE ID : CVE-2017-8295 CVE-2017-9061 CVE-2017-9062 CVE-2017-9063 CVE-2017-9064 CVE-2017-9065 Debian Bug : 862053 862816
Several vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2017-8295 Potential unauthorized password reset vulnerability. More information are available at: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html CVE-2017-9061 A cross-site scripting (XSS) vulnerability exists when someone attempts to upload very large files. CVE-2017-9062 Improper handling of post meta data values in the XML-RPC API. CVE-2017-9063 Cross-site scripting (XSS) vulnerability in the customizer. CVE-2017-9064 A Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog. CVE-2017-9065 Lack of capability checks for post meta data in the XML-RPC API. For Debian 7 "Wheezy", these problems have been fixed in version 3.6.1+dfsg-1~deb7u15. We recommend that you upgrade your wordpress packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlkxXnhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSyPhAAoUfz6LXP8Vb053DSF632+g+zkU9MzaxIjsiDpjYI6Cjq8efFu0p2CoCc 6iV2yvDuj3aHHglwt/Am6PYsPGE8j04CXhdxRWjJXcKe/gN2XzPW6XpIMx29LJba em4Dd74bZL7JnDS/EH52NNM9yGaJ1EUs6866BSxApgKsZej9XH1R0HKpM3cxNhGE Lc8b/tJg1oKE9M045+eFQ3x8EWAl15JIm6wX1NNzajSumSEjWoPvOY5g2U8rIdQq g9MYcIwxzRKjGY/0lIf2TE81fauxTYZ7Yp9s9/GgemtIvF4PyvmSispgyESvZXgX DeGVo44uU5CqglbX63x4OgKdVV5rEGFwZIr6/8h3n/c6OxRN0IkzbmAbHhDaqn/Z eTVS2tqdZqDTGbY9ZQ5PfNFZI7Yb/mJN+B/0TAGPWRUS8afh5RdL6xMn5IcY53OX oKd2gdk0GKn8BGe5eqgthoSIrFJYSWhV0dYjM3FWlZSmd7PPVP9eHrIOYIwCW2pO 5oYQbJhOOQcKcqox29DzTdi10bnVCQcbRJhei7l09bsW9yd6einrXqi+x8WlvkLf Wfnnd0gx5qzmlYFRr6qkHy9/wPwP7iAtfNTDt8arnS9/YOtVpwAarSABEj7IpXvr I52BfKziFXWRlOVxnY32Zr9UcEhgFkcFftGFv5OFAMMpABc3zZI= =1VcM -----END PGP SIGNATURE-----