-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : wordpress Version : 3.6.1+dfsg-1~deb7u21 CVE ID : CVE-2018-10100 CVE-2018-10102 Debian Bug : 895034
Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2018-10100 The redirection URL for the login page was not validated or sanitized if forced to use HTTPS. CVE-2018-10102 The version string was not escaped in the get_the_generator function, and could lead to cross-site scripting (XSS) in a generator tag. For Debian 7 "Wheezy", these problems have been fixed in version 3.6.1+dfsg-1~deb7u21. We recommend that you upgrade your wordpress packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlrjMVhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRauhAAr/CBrCL2JbFkqKQllYaawx9rqE2FAXUMyautTRpiYKi6eeKRiy+nyk39 W6bbtuADxY4b7yrn47aaFl8r+uZMbs0hZqZgPGVKKFXvGUyYm54k2uP2rzVzvbuQ V6vwlMcIVuVY8ODOh9yiqESvNv3xSWA9X8TzHuJ94QSp/PvnadoapsdJ4aA6UFdP EbfS+f/LF30sUJHICrPobdEh35UM62moSo5UyZMms+hKAp+lbZwir21eSVcFjOLt RSqEx7b/KwSIFJUKNQi0viCZvWI+IlWkBzZYYbmGuvlBSQ1INA8m8Yavd4G8nQ+Y mHYUdMMgaw1Zg9idkaZBg19Mit0/Rhtu8ahULhqr9Z32s1z7WMaKl1CqHfa6QuOb yMMA6Lgp4whzlyWkBUY7CQPqD5Xa8DMQY4Yb3DIFUGXMEskbD5nxd+p30927pdLB qj1BfVry7dYGHdr9nBADERVXI/H0MNbV4b0W6wGRtYudBS6TwRezyaTmjIyeTusx XoyEEGtBnEgbhXvltZpNHP98GLEL/KgHaAHtB0V6vKgsOP8YwTCe0EX7Dm6wo8sp aew2MaabFPmRg5Ns7QZq8RWi0Lz8b5HTD0Af9MKYg8Yq0wRjMLgopiEBx+6e/XLo XBvbCQQwiR1EYG1mOd68ycKOVvzBjmUqHnAw6S3QZfVLRGT8G2U= =Mdin -----END PGP SIGNATURE-----
