tag 880528 pending
thanks
Hello,
Bug #880528 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
https://anonscm.debian.org/cgit/collab-maint/wordpress.git/commit/?id=88c9ef8
---
commit 88c9ef8afe03dafa9499cf1065d35a0106fe8d71
Author: Craig Small
Date: Thu Jan 4 18:26:37 2018 +1100
Restore numbered placeholders
Apply changeset 42058 to restored nuymbered placeholders in
wpdb::prepare()
Fixes CVE-2017-16510
diff --git a/debian/changelog b/debian/changelog
index b18edcf..aec750c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,8 +16,10 @@ wordpress (4.7.5+dfsg-2+deb9u2) stretch-security;
urgency=high
Ensure the attributes of enclosures are correctly escaped in
RSS and Atom feeds
Changeset 42274
+ * Also backport patch for $wpdb->prepare CVE-2017-16510
+Closes: 880528
- -- Craig Small Sat, 09 Dec 2017 18:13:16 +1100
+ -- Craig Small Thu, 04 Jan 2018 18:19:44 +1100
wordpress (4.7.5+dfsg-2+deb9u1) stretch-security; urgency=medium