Debian 10225 Published by

The following updates has been relased for Debian 7 LTS:

[DLA 859-1] calibre security update
[DLA 860-1] wordpress security update



[DLA 859-1] calibre security update

Package : calibre
Version : 0.8.51+dfsg1-0.1+deb7u1
CVE ID : CVE-2016-10187
Debian Bug : 853004


It was found that a javascript present in the book can access files on the
computer using XMLHttpRequest.

For Debian 7 "Wheezy", these problems have been fixed in version
0.8.51+dfsg1-0.1+deb7u1.

We recommend that you upgrade your calibre packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 860-1] wordpress security update

Package : wordpress
Version : 3.6.1+dfsg-1~deb7u14
CVE ID : CVE-2017-6814 CVE-2017-6815 CVE-2017-6816
Debian Bug : 857026

Several vulnerabilities were discovered in wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures project identifies the
following issues.

CVE-2017-6814

Cross-Site Scripting (XSS) vulnerability via media file metadata

CVE-2017-6815

Control characters can trick redirect URL validation in
wp-includes/pluggable.php

CVE-2017-6816

Unintended files can be deleted by administrators using the plugin
deletion functionality

For Debian 7 "Wheezy", these problems have been fixed in version
3.6.1+dfsg-1~deb7u14.

We recommend that you upgrade your wordpress packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS