-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 Jan 2018 20:10:26 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u16
Distribution: jessie-security
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Changes:
 wordpress (4.1+dfsg-1+deb8u16) jessie-security; urgency=high
 .
   * Backport securitty patches from 4.9.1
    - CVE-2017-17091 Changeset: 42296
      Use a properly generated hash for the newbloguser key instead
      of a determinate substring.
    - CVE-2017-17092 Changeset: 42299
      Remove the ability to upload JavaScript files for users who
      do not have the unfiltered_html capability
    - CVE-2017-17093 Changeset: 42297
      Add escaping to the language attributes used on html elements
    - CVE-2017-17094 Changeset: 42298
      Ensure the attributes of enclosures are correctly escaped in
      RSS and Atom feeds
   * Additional two patches for security fixes
    - CVE-2017-9066
      Redirect validation patch from backports
    - CVE-2017-16510 Changeset: 42064
      Restore numbered placeholders in $wpdb->prepare
Checksums-Sha1:
 1751a69404aef2cdbb8a9262f0a1f36399d08a2c 2551 wordpress_4.1+dfsg-1+deb8u16.dsc
 05b638902d28f40a5fca94cf5b0181681d7e136e 6171896 wordpress_4.1+dfsg-1+deb8u16.debian.tar.xz
 fb4eb4beab8cbe93dd7c360145d4113b86a16866 3176264 wordpress_4.1+dfsg-1+deb8u16_all.deb
 97f1440a9a4d358324fb3ff9765bc6bd08f3e057 4241918 wordpress-l10n_4.1+dfsg-1+deb8u16_all.deb
 40ffa5f35252774597f98671ffe01d7aa491ed2f 504320 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u16_all.deb
 71d2e67d630842b7a90dc39c76742d69e2d4803b 804936 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u16_all.deb
 43bf32069ae82a8d0fbcf09f961a56ddcdcda8d6 322572 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u16_all.deb
Checksums-Sha256:
 13dee5ef3ef9000291fff99eec655901c39270c60ab9d585360d2e4da97bb6b1 2551 wordpress_4.1+dfsg-1+deb8u16.dsc
 d1ee54cdf16229eca486a09babca1db46cfbb86006c58fd74e7ec04ea9eca8b8 6171896 wordpress_4.1+dfsg-1+deb8u16.debian.tar.xz
 2d76f29dd37d80fe009c0b1eb8f171b983d3cae3384dd403e9822f6cceb200dc 3176264 wordpress_4.1+dfsg-1+deb8u16_all.deb
 011fd6b9c42e0601f92501a9ee95dcf1cd15db8d314fb5fe133ecbcb5d747897 4241918 wordpress-l10n_4.1+dfsg-1+deb8u16_all.deb
 6c17ef5545b2720a55100bdd21e09d825cfc00e24ee2227427b160e655a1cf74 504320 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u16_all.deb
 741029b76b2be37e3c5329f452301f8f03956b18d37fad77312624a59a548aa0 804936 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u16_all.deb
 89b7c116fa05920699f55c19f3f50de64d7cdf674b946f030fdb081a9221f94a 322572 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u16_all.deb
Files:
 30cd65d05a58af5d0de2bdd8672ed04b 2551 web optional wordpress_4.1+dfsg-1+deb8u16.dsc
 a84fd668bc1b813b4265728cb9371af1 6171896 web optional wordpress_4.1+dfsg-1+deb8u16.debian.tar.xz
 32492887ba36c4c8c87dd3094554db04 3176264 web optional wordpress_4.1+dfsg-1+deb8u16_all.deb
 f7c36370124c8639d7070150c2578c24 4241918 localization optional wordpress-l10n_4.1+dfsg-1+deb8u16_all.deb
 02decb36b5ed2be98774f79f999a15ad 504320 web optional wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u16_all.deb
 dd2b1bb5ac752a6fe8cbdb8d4182cc4e 804936 web optional wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u16_all.deb
 a6e3b15f0db43a7a5fce1dd40d8192cd 322572 web optional wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u16_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAlpa0LEACgkQAiFmwP88
hOO11g/+L83GBzjuwv6Ead2kUlcRSQ/1QWHVXpFvFE13bcVHpMQFBhxu6MUXlNUr
1/i1DufMCLCGFABtofKjtNhGVREKEieZ3hmqX5QXXVCR4ovpeJ0doi+eOiA3UBxf
ommiHn3zVQqXzUKVC/kmwz1JEbQMlxhoR7teU118vntirOk7pQVzsxOnlwikQxXF
4HLSQdKMKD3a4FvO8YGif2zWAJLFjRJHhgwTAN5fQMVZpYZEXPZv5/HP4zwE3+tn
yX+Ue2CSByjr4tdKYv4hJGpGonEpTCJV/hRM9JJjYZbSxK+Q0UXalYRv1D5CFSeF
E3mcUrnY2YEKwmtmAB34dEzFDX37wSYWHXEbcY96tAn5xM4KZxUz+QI85bfQ3UF+
N3nT2Kcmk07v/jtzwUWd87L0dCHlLrjjLcaAW6xXcalKlJ4FCAAif7a6Waq1WCb6
tY+lgZVHbdIRTZ6bS/jNPtc6y/BThnvDFTBu7zULJkXKAGsjIQOTzFPGaUsY24cq
TAGdYoSxuXRFw+5ltJbWrmVUPHaFpNJugtP/t0NuE2X1piAKb5rMY3zxMCjeVLtW
V/sfCVzdI7eaoyf0vfJh/iqXfDMIwAmYoRAo4WbQXP7pgBKTw1BeHSl3DIhBCY8H
vhwnft0H7b2D/M5j8thfrDM/q3UcILzac2l4a1SXFE4A7UbKQms=
=aOqh
-----END PGP SIGNATURE-----