wordpress (4.9.1+dfsg-1) unstable; urgency=high
* New upstream release
* Release 4.9 was never packaged due to licensing problems
* This release fixes 6 security issues Closes: #883314
- CVE-2017-17091
Use a properly generated hash for the newbloguser key instead
of a determinate substring.
- CVE-2017-17092
Remove the ability to upload JavaScript files for users who
do not have the unfiltered_html capability
- CVE-2017-17093
Add escaping to the language attributes used on html elements
- CVE-2017-17094
Ensure the attributes of enclosures are correctly escaped in
RSS and Atom feeds
* Updated to standards 4.1.1
* New linting for Javascript is disabled due to jshint.js licensing
issues
-- Craig Small <email address hidden> Sat, 09 Dec 2017 16:57:09 +1100