Debian Security Advisory
DLA-1366-1 wordpress -- LTS security update
- Date Reported:
- 27 Apr 2018
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 895034.
In Mitre's CVE dictionary: CVE-2018-10100, CVE-2018-10102.
- More information:
Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following issues.
The redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
The version string was not escaped in the get_the_generator function, and could lead to cross-site scripting (XSS) in a generator tag.
For Debian 7
Wheezy, these problems have been fixed in version 3.6.1+dfsg-1~deb7u21.
We recommend that you upgrade your wordpress packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS