[SECURITY] [DLA 1366-1] wordpress security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : wordpress
Version : 3.6.1+dfsg-1~deb7u21
CVE ID : CVE-2018-10100 CVE-2018-10102
Debian Bug : 895034
Two vulnerabilities were discovered in wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures project identifies the
following issues.
CVE-2018-10100
The redirection URL for the login page was not validated or sanitized
if forced to use HTTPS.
CVE-2018-10102
The version string was not escaped in the get_the_generator function,
and could lead to cross-site scripting (XSS) in a generator tag.
For Debian 7 "Wheezy", these problems have been fixed in version
3.6.1+dfsg-1~deb7u21.
We recommend that you upgrade your wordpress packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlrjMVhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRauhAAr/CBrCL2JbFkqKQllYaawx9rqE2FAXUMyautTRpiYKi6eeKRiy+nyk39
W6bbtuADxY4b7yrn47aaFl8r+uZMbs0hZqZgPGVKKFXvGUyYm54k2uP2rzVzvbuQ
V6vwlMcIVuVY8ODOh9yiqESvNv3xSWA9X8TzHuJ94QSp/PvnadoapsdJ4aA6UFdP
EbfS+f/LF30sUJHICrPobdEh35UM62moSo5UyZMms+hKAp+lbZwir21eSVcFjOLt
RSqEx7b/KwSIFJUKNQi0viCZvWI+IlWkBzZYYbmGuvlBSQ1INA8m8Yavd4G8nQ+Y
mHYUdMMgaw1Zg9idkaZBg19Mit0/Rhtu8ahULhqr9Z32s1z7WMaKl1CqHfa6QuOb
yMMA6Lgp4whzlyWkBUY7CQPqD5Xa8DMQY4Yb3DIFUGXMEskbD5nxd+p30927pdLB
qj1BfVry7dYGHdr9nBADERVXI/H0MNbV4b0W6wGRtYudBS6TwRezyaTmjIyeTusx
XoyEEGtBnEgbhXvltZpNHP98GLEL/KgHaAHtB0V6vKgsOP8YwTCe0EX7Dm6wo8sp
aew2MaabFPmRg5Ns7QZq8RWi0Lz8b5HTD0Af9MKYg8Yq0wRjMLgopiEBx+6e/XLo
XBvbCQQwiR1EYG1mOd68ycKOVvzBjmUqHnAw6S3QZfVLRGT8G2U=
=Mdin
-----END PGP SIGNATURE-----
Reply to: