[Secure-testing-team] Bug#810325: wordpress: Cross site scripting vulnerability
Craig Small
csmall at debian.org
Fri Jan 8 10:46:46 UTC 2016
Source: wordpress
Version: 4.4
Severity: important
Tags: security upstream
Wordpress 4.4.1 is out with the following message[1]
WordPress 4.4.1 is now available. This is a security release for all
previous versions and we strongly encourage you to update your sites
immediately.
WordPress versions 4.4 and earlier are affected by a cross-site
scripting vulnerability that could allow a site to be compromised. This
was reported by Crtc4L.
sid will be easy as its an upgrade to 4.4.1 I'm having trouble figuring
out what changeset is the relevant one. Without that, I cannot pass the
the one changeset out of the 40 or 50 down to the other dists.
- Craig
1: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.3.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
More information about the Secure-testing-team
mailing list