[SECURITY] [DLA 418-1] wordpress security update
Package        : wordpress
Version        : 3.6.1+dfsg-1~deb6u9
CVE ID         : CVE-2016-2221 CVE-2016-2222
Debian Bug     : 813697

WordPress versions 4.4.1 and earlier are affected by two security
issues: a possible Server-Side Request Forgery (SSRF) vulnerability
for certain local URIs, reported by Ronni Skansing; and an open
redirection attack, reported by Shailesh Suthar.

CVE-2016-2221

    WordPress could be vulnerable to an open redirection attack,
    which was fixed by better validation of the URL used in HTTP
    redirects.

CVE-2016-2222

    It was discovered that WordPress was susceptible to a possible
    Server-Side Request Forgery (SSRF) vulnerability because it
    considered, for instance, 0.1.2.3 to be a valid IP.

For Debian 6 "Squeeze", these problems have been fixed in version
3.6.1+dfsg-1~deb6u9.

We recommend that you upgrade your wordpress packages.
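
Added example, not part of the Debian advisory or of the WordPress code: a Python sketch of the kind of destination check CVE-2016-2222 concerns, showing that a blocklist limited to loopback and RFC 1918 ranges accepts 0.1.2.3 while one that also covers 0.0.0.0/8 refuses it. The network lists, the FAKE_DNS table and all function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# Assumed narrow list: loopback and RFC 1918 ranges only.
NARROW = nets("10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
# Adds 0.0.0.0/8 ("this network", RFC 1122) and link-local 169.254.0.0/16.
HARDENED = NARROW + nets("0.0.0.0/8", "169.254.0.0/16")

# Constructed resolver data standing in for DNS so the example runs offline.
FAKE_DNS = {
    "example.org": ["203.0.113.10"],      # documentation range (TEST-NET-3)
    "intranet.example": ["10.0.0.5"],
    "zero.example": ["0.1.2.3"],
}

def destination_ips(url, resolve):
    """Addresses a request to `url` would connect to; None means refuse."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    try:
        addrs = [ipaddress.ip_address(parts.hostname)]
    except ValueError:
        # Not an IP literal: resolve the name and check every answer.
        addrs = [ipaddress.ip_address(a) for a in resolve(parts.hostname)]
    # This sketch covers IPv4 only, so anything else fails closed.
    if not addrs or any(a.version != 4 for a in addrs):
        return None
    return addrs

def is_allowed(url, blocked, resolve=lambda host: FAKE_DNS.get(host, [])):
    """True only if every destination address lies outside `blocked`."""
    addrs = destination_ips(url, resolve)
    if addrs is None:
        return False
    return not any(a in net for a in addrs for net in blocked)

if __name__ == "__main__":
    for url in ("http://0.1.2.3/", "http://zero.example/", "http://example.org/"):
        print(url, "narrow:", is_allowed(url, NARROW),
              "hardened:", is_allowed(url, HARDENED))
```

A real fetcher must also connect to the address it validated rather than resolving the name a second time, otherwise the check and the request can see different answers.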