Debian Security Advisory
DSA-3328-1 wordpress -- security update
- Date Reported:
- 04 Aug 2015
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 784603.
In Mitre's CVE dictionary: CVE-2015-3429, CVE-2015-5622, CVE-2015-5623.
- More information:
Several vulnerabilities have been found in Wordpress, the popular blogging engine.
The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting.
The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your installation.
A cross site scripting vulnerability allowed users with the Contributor or Author role to elevate their privileges.
The oldstable distribution (wheezy) is only affected by CVE-2015-5622. This less critical issue will be fixed at a later time.
For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u2.
For the unstable distribution (sid), these problems have been fixed in version 4.2.3+dfsg-1.
We recommend that you upgrade your wordpress packages.