The following updates has been relased for Debian 7 LTS:
[DLA 859-1] calibre security update
[DLA 860-1] wordpress security update
[DLA 859-1] calibre security update
[DLA 860-1] wordpress security update
[DLA 859-1] calibre security update
Package : calibre
Version : 0.8.51+dfsg1-0.1+deb7u1
CVE ID : CVE-2016-10187
Debian Bug : 853004
It was found that a javascript present in the book can access files on the
computer using XMLHttpRequest.
For Debian 7 "Wheezy", these problems have been fixed in version
0.8.51+dfsg1-0.1+deb7u1.
We recommend that you upgrade your calibre packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 860-1] wordpress security update
Package : wordpress
Version : 3.6.1+dfsg-1~deb7u14
CVE ID : CVE-2017-6814 CVE-2017-6815 CVE-2017-6816
Debian Bug : 857026
Several vulnerabilities were discovered in wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures project identifies the
following issues.
CVE-2017-6814
Cross-Site Scripting (XSS) vulnerability via media file metadata
CVE-2017-6815
Control characters can trick redirect URL validation in
wp-includes/pluggable.php
CVE-2017-6816
Unintended files can be deleted by administrators using the plugin
deletion functionality
For Debian 7 "Wheezy", these problems have been fixed in version
3.6.1+dfsg-1~deb7u14.
We recommend that you upgrade your wordpress packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS