Multiple security issues have been discovered in Wordpress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands. More information can be found in the upstream advisories at https://wordpress.org/news/2015/04/wordpress-4-1-2/ and https://wordpress.org/news/2015/04/wordpress-4-2-1/ For the oldstable distribution (wheezy), these problems have been fixed in version 3.6.1+dfsg-1~deb7u6. For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u1. For the testing distribution (stretch), these problems have been fixed in version 4.2.1+dfsg-1. For the unstable distribution (sid), these problems have been fixed in version 4.2.1+dfsg-1. We recommend that you upgrade your wordpress packages.
Multiple security issues have been discovered in Wordpress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands.
More information can be found in the upstream advisories at https://wordpress.org/news/2015/04/wordpress-4-1-2/ and https://wordpress.org/news/2015/04/wordpress-4-2-1/
For the oldstable distribution (wheezy), these problems have been fixed in version 3.6.1+dfsg-1~deb7u6.
For the stable distribution (jessie), these problems have been fixed in version 4.1+dfsg-1+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 4.2.1+dfsg-1.
For the unstable distribution (sid), these problems have been fixed in version 4.2.1+dfsg-1.
We recommend that you upgrade your wordpress packages.