Debian Bug report logs - #876274
wordpress: 9 security bugs in wordpress 4.8.1 and earlier


Reported by: Craig Small <csmall@debian.org>

Date: Wed, 20 Sep 2017 12:24:01 UTC

Severity: grave

Tags: security, upstream

Found in version wordpress/4.8.1+dfsg-1

Fixed in versions wordpress/4.8.2+dfsg-1, wordpress/4.7.5+dfsg-2+deb9u1

Done: Craig Small <csmall@debian.org>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org:
Bug#876274; Package src:wordpress. (Wed, 20 Sep 2017 12:24:04 GMT)


Acknowledgement sent to Craig Small <csmall@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org. (Wed, 20 Sep 2017 12:24:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
Date: Wed, 20 Sep 2017 22:20:16 +1000
Source: wordpress
Version: 4.8.1+dfsg-1
Severity: grave
Tags: security
Justification: user security hole

WordPress 4.8.2 is out, which fixes 9 security issues[1]:

- $wpdb->prepare() can create unexpected and unsafe queries leading to
  potential SQL injection (SQLi). WordPress core is not directly
  vulnerable to this issue, but we’ve added hardening to prevent plugins
  and themes from accidentally causing a vulnerability. Reported by Slavco.
- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed
  discovery. Reported by xknown of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in the visual
  editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
- A path traversal vulnerability was discovered in the file unzipping
  code. Reported by Alex Chapman (noxrnet).
- A cross-site scripting (XSS) vulnerability was discovered in the plugin
  editor. Reported by 陈瑞琦 (Chen Ruiqi).
- An open redirect was discovered on the user and term edit screens.
  Reported by Yasin Soliman (ysx).
- A path traversal vulnerability was discovered in the customizer.
  Reported by Weston Ruter of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in template
  names. Reported by Luka (sikic).
- A cross-site scripting (XSS) vulnerability was discovered in the link
  modal. Reported by Anas Roubi (qasuar).



1: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
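Of the nine items in the report above, the path traversal in the file unzipping code is the one a defender can demonstrate most directly. The following is an added example, not WordPress's own unzip code and not the upstream fix: it builds two constructed in-memory archives, one benign and one carrying a `../../wp-config.php` entry, and shows the check an extraction routine needs so that it refuses the second before writing anything. All names, the archive contents and the `run_demo` helper are constructed for the example.

```python
"""Refuse zip entries that would extract outside the destination directory.

Added example, not WordPress's unzip code and not the upstream fix: the
check below is what a file-unzipping routine needs so that an archive
entry such as "../../wp-config.php" can never land outside the target.
"""
import io
import os
import tempfile
import zipfile


class UnsafeArchiveEntry(ValueError):
    """Raised when an archive member would resolve outside the target dir."""


def is_safe_member(dest_dir, member_name):
    """True only if member_name, joined to dest_dir, stays inside dest_dir.

    Absolute names, drive-letter names and '..' components are all caught
    by resolving the joined path and comparing it with the resolved target.
    """
    if not member_name or os.path.isabs(member_name) or member_name[0] in "/\\":
        return False
    if os.path.splitdrive(member_name)[0]:
        return False
    dest_real = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_real, member_name))
    return target == dest_real or target.startswith(dest_real + os.sep)


def safe_extract(zip_bytes, dest_dir):
    """Extract every member into dest_dir, or raise before writing anything."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Validate all names first so a bad entry cannot leave a partial extraction.
        for info in zf.infolist():
            if not is_safe_member(dest_dir, info.filename):
                raise UnsafeArchiveEntry(
                    f"refusing entry {info.filename!r}: escapes {dest_dir}")
        for info in zf.infolist():
            zf.extract(info, dest_dir)
        return [info.filename for info in zf.infolist()]


def build_archive(entries):
    """Constructed sample: build an in-memory zip from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives: a benign plugin upload and one that carries
# a traversal entry aimed at the site's configuration file.
BENIGN_ZIP = build_archive({"my-plugin/my-plugin.php": b"<?php // plugin\n"})
TRAVERSAL_ZIP = build_archive({
    "my-plugin/readme.txt": b"ok\n",
    "../../wp-config.php": b"<?php // would replace the site config\n",
})


def _files_under(root):
    """All regular files below root, used to prove nothing was written."""
    return sorted(os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)


def run_demo():
    """Extract both samples into a scratch directory.

    Returns (benign_names, traversal_rejected, anything_written_by_traversal).
    """
    with tempfile.TemporaryDirectory() as dest:
        benign = safe_extract(BENIGN_ZIP, dest)
        before = _files_under(dest)
        try:
            safe_extract(TRAVERSAL_ZIP, dest)
            rejected = False
        except UnsafeArchiveEntry:
            rejected = True
        written = _files_under(dest) != before
    return benign, rejected, written


if __name__ == "__main__":
    print(run_demo())
```

The decision is made on the resolved path of every entry before any file is touched, rather than on the raw name, so `..` hidden behind a legitimate prefix (`wp-content/../../x`) is caught as well. Python's own `zipfile.extract` happens to strip traversal components itself; the point of the example is that the extraction routine should not rely on the archive library for that, and should refuse the whole archive rather than silently relocate an entry.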

Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 20 Sep 2017 21:15:08 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#876274; Package src:wordpress. (Wed, 20 Sep 2017 21:18:02 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Wed, 20 Sep 2017 21:18:02 GMT)


Message #12 received at 876274@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Craig Small <csmall@debian.org>
Cc: 876274@bugs.debian.org, Debian Security Team <team@security.debian.org>
Subject: Re: Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
Date: Wed, 20 Sep 2017 23:15:19 +0200
Hi Craig,

On Wed, Sep 20, 2017 at 10:20:16PM +1000, Craig Small wrote:
> Source: wordpress
> Version: 4.8.1+dfsg-1
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Wordpress 4.8.2 is out which fixes 9 security issues[1]

Are you going to request CVEs for those?

Have you already identified the issue -> fixing commit mappings?

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#876274; Package src:wordpress. (Wed, 20 Sep 2017 21:39:03 GMT)


Acknowledgement sent to Craig Small <csmall@debian.org>:
Extra info received and forwarded to list. (Wed, 20 Sep 2017 21:39:04 GMT)


Message #17 received at 876274@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 876274@bugs.debian.org, Debian Security Team <team@security.debian.org>
Subject: Re: Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
Date: Wed, 20 Sep 2017 21:34:37 +0000
On Thu, 21 Sep. 2017, 07:15 Salvatore Bonaccorso <carnil@debian.org> wrote:

> Are you going to request CVEs for those?
>
> have you identified already the issue -> fixing commit mappings?
>
Hi Salvatore,

Already started talking with Kurt from DWF about the CVE. I am hoping there
will be a new improved setup for the next round of bugs.

Not started the mappings yet but it's on my list. The WPvuln guy has mapped
only the first SQLi.

  - Craig
-- 
Craig Small             https://dropbear.xyz/     csmall at : enc.com.au
Debian GNU/Linux        https://www.debian.org/   csmall at : debian.org
Mastodon: @smallsees@social.dropbear.xyz             Twitter: @smallsees
GPG fingerprint:      5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5

Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#876274; Package src:wordpress. (Thu, 21 Sep 2017 08:21:05 GMT)


Acknowledgement sent to Ángel <bugs@debian.16bits.net>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Thu, 21 Sep 2017 08:21:05 GMT)


Message #22 received at 876274@bugs.debian.org:

From: Ángel <bugs@debian.16bits.net>
To: 876274@bugs.debian.org
Subject: Re: Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
Date: Thu, 21 Sep 2017 09:54:49 +0200
Salvatore wrote:
> have you identified already the issue -> fixing commit mappings?

For version 4.8.1 [buster, sid], upstream fixed them in 4.8.2
https://codex.wordpress.org/Version_4.8.2

For version 4.7.5 [stretch], upstream fixed them in 4.7.6
https://codex.wordpress.org/Version_4.7.6

For version 4.1 [jessie], upstream fixed them in 4.1.19
https://codex.wordpress.org/Version_4.1.19

For version 3.6.1 [wheezy], upstream didn't release a fix.


4.7.6 and 4.1.19 seem to be security fixes only. WordPress 4.8.2 also
contains six maintenance fixes to the 4.8 release series (but that would
go to sid, so it's ok).

There is a slightly misleading commit message on one of them whose
description says it's bumping to the wrong version, but other than that
-thankfully- it looks quite clear which issue each of the backported
commits is fixing.




Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#876274; Package src:wordpress. (Thu, 21 Sep 2017 15:36:05 GMT)


Acknowledgement sent to Rodrigo Campos <rodrigo@sdfg.com.ar>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Thu, 21 Sep 2017 15:36:06 GMT)


Message #27 received at 876274@bugs.debian.org:

From: Rodrigo Campos <rodrigo@sdfg.com.ar>
To: Ángel <bugs@debian.16bits.net>, 876274@bugs.debian.org
Subject: Re: Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
Date: Thu, 21 Sep 2017 16:26:54 +0100
On Thu, Sep 21, 2017 at 09:54:49AM +0200, Ángel wrote:
> Salvatore wrote:
> > have you identified already the issue -> fixing commit mappings?
> 
> For version 4.8.1 [buster, sid], upstream fixed them on 4.8.2
> https://codex.wordpress.org/Version_4.8.2

And for jessie backports I'll update as soon as it is on sid :-)



Reply sent to Craig Small <csmall@debian.org>:
You have taken responsibility. (Fri, 22 Sep 2017 12:54:05 GMT)


Notification sent to Craig Small <csmall@debian.org>:
Bug acknowledged by developer. (Fri, 22 Sep 2017 12:54:05 GMT)


Message #32 received at 876274-close@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 876274-close@bugs.debian.org
Subject: Bug#876274: fixed in wordpress 4.8.2+dfsg-1
Date: Fri, 22 Sep 2017 12:50:50 +0000
Source: wordpress
Source-Version: 4.8.2+dfsg-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876274@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csmall@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 22 Sep 2017 21:57:06 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen
Architecture: source all
Version: 4.8.2+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 876274
Changes:
 wordpress (4.8.2+dfsg-1) unstable; urgency=high
 .
   * New upstream security release fixes 9 security issues closes: #876274
     CVE IDs will be updated when issued
     - CVE-2017-XXX
       $wpdb->prepare() can create unexpected and unsafe queries leading to
       potential SQL injection (SQLi)
     - CVE-2017-TBA
       Cross-site scripting (XSS) vulnerability in the oEmbed discovery
     - CVE-2017-TBA
       Cross-site scripting (XSS) vulnerability in the visual editor
     - CVE-2017-TBA
       Path traversal vulnerability in the file unzipping code
     - CVE-2017-TBA
       Cross-site scripting (XSS) vulnerability in the plugin editor
     - CVE-2017-TBA
       Open redirect in the user and term edit screens
     - CVE-2017-TBA
       Path traversal vulnerability in the customizer
     - CVE-2017-TBA
       Cross-site scripting (XSS) vulnerability in template names
     - CVE-2017-TBA
       Cross-site scripting (XSS) vulnerability in the link modal
Checksums-Sha1:
 cbc9ef4979b73c5d7777d9fa848d6150025eb1d3 2539 wordpress_4.8.2+dfsg-1.dsc
 a171c3eea4d19bd8dcf38e1133fd73aff5b1e6ca 6382228 wordpress_4.8.2+dfsg.orig.tar.xz
 5b4304532f23b2e9f6ceb67d73dcf3a991a3e9de 6778320 wordpress_4.8.2+dfsg-1.debian.tar.xz
 889414276026e65d95eab25d9016be33abcbb289 4381636 wordpress-l10n_4.8.2+dfsg-1_all.deb
 98a870d255adfe319c8c6f5b9bc701d96afb75db 700400 wordpress-theme-twentyfifteen_4.8.2+dfsg-1_all.deb
 48352fd64a2bcfb1265c9075c81c0ead24b4406a 940386 wordpress-theme-twentyseventeen_4.8.2+dfsg-1_all.deb
 ffcb61aa538ff63f39f837039a280a089ff1a7e7 589080 wordpress-theme-twentysixteen_4.8.2+dfsg-1_all.deb
 5dccbb4344649df3f1d720c4a3d6d2493b046146 4140230 wordpress_4.8.2+dfsg-1_all.deb
 38a97910927bfec86664e92a25e38f0efa312723 7190 wordpress_4.8.2+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 2397c07e18b9dade3135ec95b7114f0e99d5da779a042107b4a68945be94bc01 2539 wordpress_4.8.2+dfsg-1.dsc
 221c082e1b43fefd698cb6ec83d2c26c9098d2dad2cd4380eb9090aafdebe4da 6382228 wordpress_4.8.2+dfsg.orig.tar.xz
 0635de07449e30868f1ddfda0e69d0055ad6589d8ff199c48c724abc731f1bb3 6778320 wordpress_4.8.2+dfsg-1.debian.tar.xz
 cb182e54602b69494933587e47e0919bb993002b3b0888953b1b812642d310ee 4381636 wordpress-l10n_4.8.2+dfsg-1_all.deb
 c642ca89b5779f62359e6783930651745b09504f19307c75f395e0c6083f87c9 700400 wordpress-theme-twentyfifteen_4.8.2+dfsg-1_all.deb
 68605f8548ece394f88683a9eb8f8ec5da1271428aeaa2855556d8b56eecdd31 940386 wordpress-theme-twentyseventeen_4.8.2+dfsg-1_all.deb
 c94314de632f3f445d4157a1135c32a43e7f2dd56595f5e28ce659f9a132a788 589080 wordpress-theme-twentysixteen_4.8.2+dfsg-1_all.deb
 21260644b2c5e3bd10f0f538699521cef23ff4b9c3772b331f69936c341e31d0 4140230 wordpress_4.8.2+dfsg-1_all.deb
 73d9a41d62b6055fcd3b6cc24f764d05cfd60a7bd7ca8070f6ed700d24697b72 7190 wordpress_4.8.2+dfsg-1_amd64.buildinfo
Files:
 2d39b59b9dc4e09a32ff339359687fe7 2539 web optional wordpress_4.8.2+dfsg-1.dsc
 1f1cc2fafa694a196b9a9c152521d93e 6382228 web optional wordpress_4.8.2+dfsg.orig.tar.xz
 2c7cef8f928dd7ca33635034f10f8068 6778320 web optional wordpress_4.8.2+dfsg-1.debian.tar.xz
 d1c904be0e422e9588079bb3d036f3c4 4381636 localization optional wordpress-l10n_4.8.2+dfsg-1_all.deb
 f4f7cf58b3e037e0aaf60aceef0ef56a 700400 web optional wordpress-theme-twentyfifteen_4.8.2+dfsg-1_all.deb
 f16d70eeebcc1719e71eee7753899e6e 940386 web optional wordpress-theme-twentyseventeen_4.8.2+dfsg-1_all.deb
 aab8a72df9a764df4f118f3451028d22 589080 web optional wordpress-theme-twentysixteen_4.8.2+dfsg-1_all.deb
 643427935a7561a188cd72f9431ffffc 4140230 web optional wordpress_4.8.2+dfsg-1_all.deb
 d8d3b6579df2fc9d8711cf5de76d5f94 7190 web optional wordpress_4.8.2+dfsg-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAlnE++AACgkQAiFmwP88
hON4Ew//RU83/CXuE/7AX4iHg7sADWXzauRLtwMUicYgC18Tdyv93eMdCyzF4OTj
KyotwLMaTSByJbYTFZy7mOqtTBPsjgD/UWJumLZ0o53g4MSR5RKNrzqB/5pXy9Rj
1eZ9XOSgeejDBNQk6eDPYG7HBDWAkMMzg62UbP2HYcOMB4UJIPW+Q1i7awMX8Mcq
URIZhJoapBrfaYJvwOQPkCHFMJL9CozfKvTCNOBsg3TBGwNxQNUjOgL56oNGUiHG
TkpooVlb3pwsjPJ1Qtpa/kwn+sV7+fiQF48ZTLzmkdm5TT/toe6dXJB/lO839UB8
jr2e774OHbwAXv82H9QLAhnPZjY11vLRXL5TnZe8r4Mz0Gupc9aaAD5ZMVcbI56M
/Q45w6YbFes/MguaREC/Fz3RnMgqD2wsRV9d1ypTveH5WruFR8ceaqLOw4HVFq+9
ywWwO68GBx7F81OFgUEXvYzI59cX8GPLuLUaHOo27VTeUh8pzz9z7Dy/WJUpmSuL
cYmbGpny5mBAyxChWejIXcaXrLU69mlviv7zUs87n1MBfaDbxZTwNLt6w33UGZps
tRV1S6GrZU9oDh/B4Yu/XOdIl5mHzKt86i0cC7/MKDpkC2G8cIzgh4uvidKs801l
xEds/YAz0EfzLIDMRHqqgixL/m0GRIAxk3gWzkPtHH/842/36ss=
=oKrM
-----END PGP SIGNATURE-----

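The upload notice above carries a signed `.changes` file with Checksums-Sha1, Checksums-Sha256 and Files stanzas. As an added example (not part of the bug report and not Debian's archive tooling, which performs this check for real on upload), the following parses the Checksums-Sha256 and Files stanzas and verifies each listed artifact's size and digests against the bytes actually present, which is how a mirror or a downstream consumer catches a truncated or tampered artifact before trusting it. The sample artifact names and contents are constructed, and `read_file` is a hypothetical hook used to inject the bytes.

```python
"""Verify the Checksums-Sha256 and Files stanzas of a Debian .changes file.

Added example, not part of this bug report and not Debian's own archive
tooling (which performs this check for real): it parses the two integrity
stanzas the upload notices in this thread carry and compares each listed
artifact's size and digests with the bytes actually present.
"""
import hashlib
import re


def parse_changes(text):
    """Return {name: {"size": int, "sha256": hex, "md5": hex}} from .changes text.

    Fields start at column 0 as "Name:"; their values continue on lines that
    begin with a single space.  Checksums-Sha256 rows are "digest size name",
    Files rows are "md5 size section priority name".
    """
    entries = {}
    field = None
    for line in text.splitlines():
        if line.startswith(" "):
            parts = line.split()
            if field == "Checksums-Sha256" and len(parts) == 3:
                digest, size, name = parts
                entries.setdefault(name, {}).update(sha256=digest, size=int(size))
            elif field == "Files" and len(parts) == 5:
                digest, size, _section, _priority, name = parts
                entries.setdefault(name, {}).update(md5=digest, size=int(size))
            continue
        match = re.match(r"^([A-Za-z0-9-]+):", line)
        field = match.group(1) if match else None
    return entries


def verify_changes(text, read_file):
    """Map each listed artifact to a list of problems (empty list means it checks out).

    read_file(name) -> bytes is injected (a hypothetical hook, not a Debian API)
    so the same code runs on the in-memory sample here and on a real directory
    with e.g. lambda n: open(n, "rb").read().
    """
    report = {}
    for name, want in parse_changes(text).items():
        try:
            data = read_file(name)
        except (OSError, KeyError):
            report[name] = ["missing"]
            continue
        problems = []
        if len(data) != want["size"]:
            problems.append(f"size {len(data)} != {want['size']}")
        if "sha256" in want and hashlib.sha256(data).hexdigest() != want["sha256"]:
            problems.append("sha256 mismatch")
        if "md5" in want and hashlib.md5(data).hexdigest() != want["md5"]:
            problems.append("md5 mismatch")
        report[name] = problems
    return report


def build_sample_changes(files):
    """Constructed .changes text whose stanzas describe `files` exactly."""
    sha_rows = "".join(f" {hashlib.sha256(d).hexdigest()} {len(d)} {n}\n"
                       for n, d in files.items())
    md5_rows = "".join(f" {hashlib.md5(d).hexdigest()} {len(d)} web optional {n}\n"
                       for n, d in files.items())
    return ("Format: 1.8\nSource: wordpress\nDistribution: unstable\n"
            "Changes:\n wordpress (0.0+dfsg-1) unstable; urgency=high\n .\n"
            "   * constructed entry\n"
            f"Checksums-Sha256:\n{sha_rows}Files:\n{md5_rows}")


# Constructed sample artifacts (names and contents are placeholders).
SAMPLE_FILES = {
    "wordpress_0.0+dfsg-1.dsc": b"Format: 3.0 (quilt)\nSource: wordpress\n",
    "wordpress_0.0+dfsg-1_all.deb": b"!<arch>\nconstructed placeholder\n",
}
SAMPLE_CHANGES = build_sample_changes(SAMPLE_FILES)


def check_intact():
    """Every artifact is as listed: all problem lists are empty."""
    return verify_changes(SAMPLE_CHANGES, lambda n: SAMPLE_FILES[n])


def check_tampered():
    """One byte of the .deb changed after the .changes was written: the size
    still matches, so only the digests reveal it."""
    deb = "wordpress_0.0+dfsg-1_all.deb"
    tampered = dict(SAMPLE_FILES, **{deb: SAMPLE_FILES[deb][:-1] + b"X"})
    return verify_changes(SAMPLE_CHANGES, lambda n: tampered[n])


if __name__ == "__main__":
    print(check_intact())
    print(check_tampered())
```

The size check is kept even though the digests subsume it because it is the cheap first filter for truncated downloads; the MD5 row in Files is verified only as a consistency check, since the SHA-256 row is the one that carries the integrity guarantee. The PGP signature around the `.changes` body is what ties these stanzas to the uploader and is verified separately, before the stanzas are trusted at all.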



Added tag(s) pending. Request was from Craig Small <csmall@debian.org> to control@bugs.debian.org. (Fri, 22 Sep 2017 23:51:06 GMT)


Message sent on to Craig Small <csmall@debian.org>:
Bug#876274. (Fri, 22 Sep 2017 23:51:08 GMT)


Message #37 received at 876274-submitter@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 876274-submitter@bugs.debian.org
Subject: Bug#876274 marked as pending
Date: Fri, 22 Sep 2017 23:47:23 +0000
tag 876274 pending
thanks

Hello,

Bug #876274 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    https://anonscm.debian.org/cgit/collab-maint/wordpress.git/commit/?id=2b4ced0

---
commit 2b4ced00f007dafe1813fbdb59dfbb6f64416d9e
Author: Craig Small <csmall@debian.org>
Date:   Fri Sep 22 06:28:50 2017 +1000

    Update changelog to 4.8.2-1

diff --git a/debian/changelog b/debian/changelog
index 2ebddd7..b7ea231 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,29 @@
+wordpress (4.8.2+dfsg-1) UNRELEASED; urgency=high
+
+  * New upstream security release fixes 9 security issues closes: #876274
+    CVE IDs will be updated when issued
+    - CVE-2017-XXX
+      $wpdb->prepare() can create unexpected and unsafe queries leading to
+      potential SQL injection (SQLi)
+    - CVE-2017-TBA
+      Cross-site scripting (XSS) vulnerability in the oEmbed discovery
+    - CVE-2017-TBA
+      Cross-site scripting (XSS) vulnerability in the visual editor
+    - CVE-2017-TBA
+      Path traversal vulnerability in the file unzipping code
+    - CVE-2017-TBA
+      Cross-site scripting (XSS) vulnerability in the plugin editor
+    - CVE-2017-TBA
+      Open redirect in the user and term edit screens
+    - CVE-2017-TBA
+      Path traversal vulnerability in the customizer
+    - CVE-2017-TBA
+      Cross-site scripting (XSS) vulnerability in template names
+    - CVE-2017-TBA
+      Cross-site scripting (XSS) vulnerability in the link modal
+
+ -- Craig Small <csmall@debian.org>  Wed, 20 Sep 2017 22:21:41 +1000
+
 wordpress (4.8.1+dfsg-1) unstable; urgency=medium
 
   * New upstream release
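Review bot: the nine CVE placeholders in this hunk are inconsistent: the first entry reads `CVE-2017-XXX` while the other eight read `CVE-2017-TBA`, so a later search-and-replace or grep for the placeholder will miss one of them. Use a single marker for all nine and, once the ids are issued, record each id against its own entry rather than leaving only the note "CVE IDs will be updated when issued". Pairing each entry with the upstream changeset it was taken from would also preserve the issue-to-commit mapping asked for earlier in this thread, in the one place (debian/changelog) where the security tracker will look for it.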



Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#876274; Package src:wordpress. (Sat, 23 Sep 2017 00:21:03 GMT)


Acknowledgement sent to Rodrigo Campos <rodrigo@sdfg.com.ar>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Sat, 23 Sep 2017 00:21:03 GMT)


Message #42 received at 876274@bugs.debian.org:

From: Rodrigo Campos <rodrigo@sdfg.com.ar>
To: Ángel <bugs@debian.16bits.net>, 876274@bugs.debian.org
Subject: Re: Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
Date: Sat, 23 Sep 2017 01:16:13 +0100
On Thu, Sep 21, 2017 at 04:26:53PM +0100, Rodrigo Campos wrote:
> On Thu, Sep 21, 2017 at 09:54:49AM +0200, Ángel wrote:
> > Salvatore wrote:
> > > have you identified already the issue -> fixing commit mappings?
> > 
> > For version 4.8.1 [buster, sid], upstream fixed them on 4.8.2
> > https://codex.wordpress.org/Version_4.8.2
> 
> And for jessie backports I'll update as soon as it is on sid :-)

It's already on sid and a backport is ready; I will ask for a BSA and Craig will
upload when the BSA is assigned.



Thanks!
Rodrigo



Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#876274; Package src:wordpress. (Tue, 26 Sep 2017 01:03:03 GMT)


Acknowledgement sent to Ángel <bugs@debian.16bits.net>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Tue, 26 Sep 2017 01:03:03 GMT)


Message #47 received at 876274@bugs.debian.org:

From: Ángel <bugs@debian.16bits.net>
To: 876274@bugs.debian.org
Subject: Re: Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
Date: Tue, 26 Sep 2017 03:01:14 +0200
Rodrigo Campos wrote:
> It's already on sid and a backport is ready, will ask for BSA and craig will
> upload when the BSA is assigned.

What about the versions on wheezy/jessie/stretch? Should they be handled
on this bug, get a new one for each, or will they simply be handled
without one by the security team, now they have CVEs¹?


¹ These issues got assigned CVE-2017-14718 to CVE-2017-14726


Thanks!



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#876274; Package src:wordpress. (Tue, 26 Sep 2017 03:21:02 GMT)


Acknowledgement sent to Craig Small <csmall@debian.org>:
Extra info received and forwarded to list. (Tue, 26 Sep 2017 03:21:02 GMT)


Message #52 received at 876274@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: Ángel <bugs@debian.16bits.net>, 876274@bugs.debian.org
Subject: Re: Bug#876274: wordpress: 9 security bugs in wordpress 4.8.1 and earlier
Date: Tue, 26 Sep 2017 03:16:08 +0000
On Tue, 26 Sep. 2017, 11:03 Ángel <bugs@debian.16bits.net> wrote:

> What about the versions on wheezy/jessie/stretch? Should they be handled
> on this bug, get a new one for each, or will they simply be handled
> without one by the security team, now they have CVEs¹?
>
For the stretch security release I am waiting for the security team to
approve the upload.

Rodrigo has made a backport for Jessie. I'll try to upload it in the next
24 hours.

That's all the other versions I know of.

 - Craig
-- 
Craig Small             https://dropbear.xyz/     csmall at : enc.com.au
Debian GNU/Linux        https://www.debian.org/   csmall at : debian.org
Mastodon: @smallsees@social.dropbear.xyz             Twitter: @smallsees
GPG fingerprint:      5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5

Reply sent to Craig Small <csmall@debian.org>:
You have taken responsibility. (Thu, 19 Oct 2017 17:36:29 GMT)


Notification sent to Craig Small <csmall@debian.org>:
Bug acknowledged by developer. (Thu, 19 Oct 2017 17:36:30 GMT)


Message #57 received at 876274-close@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 876274-close@bugs.debian.org
Subject: Bug#876274: fixed in wordpress 4.7.5+dfsg-2+deb9u1
Date: Thu, 19 Oct 2017 17:32:51 +0000
Source: wordpress
Source-Version: 4.7.5+dfsg-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876274@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csmall@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Oct 2017 07:11:32 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyseventeen
Architecture: source all
Version: 4.7.5+dfsg-2+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyseventeen - weblog manager - twentyseventeen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 876274 877629
Changes:
 wordpress (4.7.5+dfsg-2+deb9u1) stretch-security; urgency=medium
 .
   * Backport patches from 4.8.2 Closes: #876274
      - CVE-2017-14723
        $wpdb->prepare() can create unexpected and unsafe queries leading to
        potential SQL injection (SQLi)
        Changeset 41472, 41498
      - CVE-2017-14724
        Cross-site scripting (XSS) vulnerability in the oEmbed discovery
        Changeset 41451
      - CVE-2017-14726
        Cross-site scripting (XSS) vulnerability in the visual editor
        Changeset 41436
      - CVE-2017-14719
        Path traversal vulnerability in the file unzipping code
        Changeset 41459
      - CVE-2017-14721
        Cross-site scripting (XSS) vulnerability in the plugin editor
        Changeset 41413
      - CVE-2017-14725
        Open redirect in the user and term edit screens
        Changeset 41418
      - CVE-2017-14722
        Path traversal vulnerability in the customizer
        Changeset 41430
      - CVE-2017-14720
        Cross-site scripting (XSS) vulnerability in template names
        Changeset 41413 (same as plugin editor)
      - CVE-2017-14718
        Cross-site scripting (XSS) vulnerability in the link modal
   * Hash user activation key Closes: #877629
     Fixes CVE-2017-14990
Checksums-Sha1:
 a9e488c4df0b36dd39b41d462f810102f26435df 2567 wordpress_4.7.5+dfsg-2+deb9u1.dsc
 edf2c207b6c6c173d8958c0d9191e1e0d532e042 6240440 wordpress_4.7.5+dfsg.orig.tar.xz
 e0417f8708cc10ca56041e972fb4ca083bdac5e4 6785340 wordpress_4.7.5+dfsg-2+deb9u1.debian.tar.xz
 014d493c433949581827abb22faad2d3f6297844 4382638 wordpress-l10n_4.7.5+dfsg-2+deb9u1_all.deb
 99a9c6e1853fc992fb8645dedc7fe1302353cbbf 700472 wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u1_all.deb
 db0d15595516b0867938d9fe49b7bd15bbd64ef0 940094 wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u1_all.deb
 35adf0a11c5958aac424850a4e4304f019fced52 589188 wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u1_all.deb
 1a1fe93a389e4ae808187c824014fc2f01d57eca 4000422 wordpress_4.7.5+dfsg-2+deb9u1_all.deb
 f86f46fb5375b65b7438360b44583563fab1ec26 7445 wordpress_4.7.5+dfsg-2+deb9u1_amd64.buildinfo
Checksums-Sha256:
 37ba9d3c65c8f242019ab92e1c896c8bbb7f6ef376f4805eff8f233ab82d869b 2567 wordpress_4.7.5+dfsg-2+deb9u1.dsc
 a21bc1f4042bbd77eb1ddef2cdcd3fb60f121835cf5d219a6e12a2d06a839b7f 6240440 wordpress_4.7.5+dfsg.orig.tar.xz
 b610d6c3784f29ce1344c107d0b39029bef293c08adbad357263d2d6bf7f4f6d 6785340 wordpress_4.7.5+dfsg-2+deb9u1.debian.tar.xz
 441b2b00c7cb3f223a6881f0054f94f91f02c93ac0dc209bf8b1d5c653ec9be8 4382638 wordpress-l10n_4.7.5+dfsg-2+deb9u1_all.deb
 b06298da79ea789b0765b248359100fb0807a3a24249e7c126726ab21bb537a8 700472 wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u1_all.deb
 572dffe8d5adc67d54bc69dde3b1dfa4c917d7549d2c1594ef802bd124d8735f 940094 wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u1_all.deb
 ff42d848ff38035275ab9dbe524fe8f819cf0477ac63b88d8c95e9c0b5f8e501 589188 wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u1_all.deb
 2a0097fcf5d66f912e70f36ed27f0ad9d2888b3e08ac638f3d0a6ac66e420b53 4000422 wordpress_4.7.5+dfsg-2+deb9u1_all.deb
 5da5441b9c3aa36ecbe618a003d703eb2a610d55648f6710feff4fe52182cf0e 7445 wordpress_4.7.5+dfsg-2+deb9u1_amd64.buildinfo
Files:
 21a555aa4c57f04d5bc92477481b9063 2567 web optional wordpress_4.7.5+dfsg-2+deb9u1.dsc
 acb0c5ca4df36e2eef3274d6adc4f8b8 6240440 web optional wordpress_4.7.5+dfsg.orig.tar.xz
 2ac4750281b13334542a7db72cacd80d 6785340 web optional wordpress_4.7.5+dfsg-2+deb9u1.debian.tar.xz
 da8441d62a0fc891beaf9e36137b032d 4382638 localization optional wordpress-l10n_4.7.5+dfsg-2+deb9u1_all.deb
 3d21c554d514bcaa1cf9e30f2ce89294 700472 web optional wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u1_all.deb
 51cdc6b546ec088cb991cb9d0d8d49b7 940094 web optional wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u1_all.deb
 fea91b00203c8603998a988bbb55bcff 589188 web optional wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u1_all.deb
 f05853250ca3347238d7acd3d908d766 4000422 web optional wordpress_4.7.5+dfsg-2+deb9u1_all.deb
 e27b814900766441f5aebbccefedafb6 7445 web optional wordpress_4.7.5+dfsg-2+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 17 Nov 2017 07:27:53 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:43:42 2019; Machine Name: buxtehude


Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.