[SECURITY] [DLA 1160-1] wordpress security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1160-1] wordpress security update
From: Markus Koschany <apo@debian.org>
Date: Sat, 4 Nov 2017 21:06:14 +0100
Message-id: <[🔎] 1ef48f10-995d-810c-9d67-b0c7ca00413d@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : wordpress
Version        : 3.6.1+dfsg-1~deb7u18
CVE ID         : CVE-2017-16510
Debian Bug     : 880528

WordPress, a web blogging tool, was affected by an issue where
$wpdb->prepare() can create unexpected and unsafe queries leading to
potential SQL injection (SQLi) in plugins and themes, as demonstrated
by a "double prepare" approach, a different vulnerability than
CVE-2017-14723.

For Debian 7 "Wheezy", these problems have been fixed in version
3.6.1+dfsg-1~deb7u18.

We recommend that you upgrade your wordpress packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAln+HbVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQ1LhAAx5Om+zfvxRBYTUQueVy2DpHi3hGEF0S5EVYLJtqnwyafHmW1T8xy/O/k
ucxW1ZdnHIr/yMGw58iISLoG//JlBPhNvw37uWuPxPPXQYSpR+widhPwjMdNNepD
eQ8cWwy/Ywzx8exUlY/5YW+SjoO5BHwsZSZd8KtwuY4XKlUlaYyK/0omyTnB5hjK
zix0SILKwojpMCjw25UKXkVx5Nk+kERIBdUOzs0inKIKXKrlzid+XJUj1hmsukhu
Ic8NtcFiUMmvNuLmL3kg+dyUA4exZ2+fvcB6Md8YMdK/gjqVXuz2x5ZZXodxFbE3
IMOl08HuSU4caVsKjMIVrj0PI8aAhaiGopv5FkmvKlLWowUTta31Zy1YqD534/Ut
/iOTx9G6jwsDnAUzWX9KTMg6c1EhVLm6aMFuyMhLHrE/hWYrI84Ior1TeOYeY8Ad
J4ofHxFSmdB8CF4zR+n5g3IMBk3+pmmtQNK4QHb7nHVFHPTBcQXiPO/uyWDCR88i
TJKXXwhxNYTsmQJ5rU5opzp1bC6ENkwvkPxeQMP5+va3+6RmG4eqSw6gZuXg0RLi
SnmgjnNbgJrDLPsE/0SpAej9pgHjoHYzADcOZLulwtoVP3dOpp1qlmdxp8V7L/hW
/vm8CHSP+EybFfh7FwZUDmmOtaKA9cT0SKlNR9OqYGJs4+F2roI=
=Lxja
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1159-1] graphicsmagick security update
Next by Date: [SECURITY] [DLA 1161-1] redis security update
Previous by thread: [SECURITY] [DLA 1159-1] graphicsmagick security update
Next by thread: [SECURITY] [DLA 1161-1] redis security update
Index(es):
- Date
- Thread