Package        : wordpress
Version        : 3.6.1+dfsg-1~deb6u7
CVE ID         : CVE-2015-2213 CVE-2015-5622 CVE-2015-5731 CVE-2015-5732
                 CVE-2015-5734

Several vulnerabilities have been fixed in WordPress, the popular
blogging engine.

CVE-2015-2213

    SQL Injection allowed a remote attacker to compromise the site.

CVE-2015-5622

    The robustness of the shortcodes HTML tags filter has been
    improved. The parsing is a bit more strict, which may affect your
    installation. This is the corrected version of the patch that
    needed to be reverted in DSA 3328-2.

CVE-2015-5731

    An attacker could lock a post that was being edited.

CVE-2015-5732

    Cross-site scripting in a widget title allows an attacker to
    steal sensitive information.

CVE-2015-5734

    Fix some broken links in the legacy theme preview.

The issues were discovered by Marc-Alexandre Montpas of Sucuri, Helen
Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point,
Ivan Grigorov, Johannes Schmitt of Scrutinizer and Mohamed A. Baset.

We recommend that you upgrade your wordpress packages.