Linux repositories inspector

wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files

WordPress is a full featured web blogging tool:
  • Instant publishing (no rebuilding)
  • Comment pingback support with spam protection
  • Non-crufty URLs
  • Themable
  • Plugin support
This package contains WordPress twentyfifteen theme files NOTE: This theme requires access to public CDNs for use of some font or CSS files.
Original maintainer
Homepagehttps://wordpress.org
4.9.8
Ubuntu iconUbuntu 18.10
4.9.5
Ubuntu iconUbuntu 18.04 LTS
4.8.2
Ubuntu iconUbuntu 17.10
4.7.5
Debian iconDebian 9.0
4.4.2
Ubuntu iconUbuntu 16.04 LTS
DistributionVersionSincePackageInstalledPackager
Debian iconDebian 9.0 stretch/maindeb4.7.5+dfsg-2+deb9u412.01.2019684 kiB1 MiB
Debian iconDebian 9.0 stretch-proposed-updates/maindeb4.7.5+dfsg-2+deb9u510.03.2019685 kiB1 MiB
Ubuntu iconUbuntu 17.10 artful/universedeb4.8.2+dfsg-210.11.2017670 kiB1020 kiB
Ubuntu iconUbuntu 18.04 LTS bionic/universedeb4.9.5+dfsg1-119.06.2018670 kiB1 MiB
Ubuntu iconUbuntu 18.10 cosmic/universedeb4.9.8+dfsg1-114.01.2019670 kiB1 MiB
Ubuntu iconUbuntu 16.04 LTS xenial/universedeb4.4.2+dfsg-1ubuntu110.11.2017478 kiB832 kiB

Latest updates

Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u5 introduced

10.03.2019 08:49
  • Backport security patches from wordpress 5.0.1 Closes: #916403
    • CVE-2018-20147
      Delete files through altered meta data
    • CVE-2018-20152
      Create posts of unauthorized post types
    • CVE-2018-20148
      PHP object injection through crafted meta data
    • CVE-2018-20153
      Edit other users comments, leading to XSS
    • CVE-2018-20150
      XSS in plugins through crafted URL inputs
    • CVE-2018-20151
      User activation screen visible to search engines
    • CVE-2018-20149
      Bypass MIME verification causing XSS
    • CVE-2019-8942
      Remote Code Execution (RCE) in uploaded image files
Ubuntu 18.10 icon

Ubuntu 18.10 cosmic/universe: Version 4.9.8+dfsg1-1 introduced

14.01.2019 03:15
  • New upstream source
    Verify plugin uploads CVE-2018-14028 Closes: #906565
Debian 10.0 icon

Debian 10.0 buster/main: Version 4.9.4+dfsg-1 removed

12.01.2019 14:16
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u3 removed

12.01.2019 13:52
Debian 9.0 icon

Debian 9.0 stretch/main: Updated from 4.7.5+dfsg-2+deb9u2 to 4.7.5+dfsg-2+deb9u4

12.01.2019 13:50
  • Backport security patch from 4.9.7 Closes: #902876
    • CVE-2018-12895 Fix directory traversal in thumb parameter
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u3 introduced

19.06.2018 07:50
Ubuntu 18.04 LTS icon

Ubuntu 18.04 LTS bionic/universe: Updated from 4.9.4+dfsg-1 to 4.9.5+dfsg1-1

19.06.2018 07:49
  • New upstream source, fixes 3 Security issues Closes: #895034
    • CVE-2018-TBA
      Don't treat localhost as same host by default.
    • CVE-2018-TBA
      Use safe redirects when redirecting login page if SSL is forced
    • CVE-2018-TBA
      Make sure version string is correctly escaped for use in generator tags
  • Update to standards version 4.1.4
  • Remove get-orig-source in rules and use uscan
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u2 removed

14.03.2018 02:47
Debian 9.0 icon

Debian 9.0 stretch/main: Updated from 4.7.5+dfsg-2+deb9u1 to 4.7.5+dfsg-2+deb9u2

14.03.2018 02:46
  • Backport security patches from 4.9.1 Closes: #883314
    • CVE-2017-17091
      Use a properly generated hash for the newbloguser key instead of a determinate substring.
      Changeset 42272
    • CVE-2017-17092
      Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability
      Changeset 42275
    • CVE-2017-17093
      Add escaping to the language attributes used on html elements Changeset 42273
    • CVE-2017-17094
      Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds
      Changeset 42274
  • Also backport patch for $wpdb->prepare CVE-2017-16510 Closes: 880528
Debian 10.0 icon

Debian 10.0 buster/main: Updated from 4.9.2+dfsg-1 to 4.9.4+dfsg-1

26.02.2018 04:25
  • New upstream release
  • Removed remove_jshint patch as upstream has found a different hinter
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u2 introduced

26.02.2018 04:22
  • Backport security patches from 4.9.1 Closes: #883314
    • CVE-2017-17091
      Use a properly generated hash for the newbloguser key instead of a determinate substring.
      Changeset 42272
    • CVE-2017-17092
      Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability
      Changeset 42275
    • CVE-2017-17093
      Add escaping to the language attributes used on html elements Changeset 42273
    • CVE-2017-17094
      Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds
      Changeset 42274
  • Also backport patch for $wpdb->prepare CVE-2017-16510 Closes: 880528
Ubuntu 18.04 LTS icon

Ubuntu 18.04 LTS bionic/universe: Updated from 4.9.2+dfsg-1 to 4.9.4+dfsg-1

26.02.2018 04:21
  • New upstream release
  • Removed remove_jshint patch as upstream has found a different hinter
Debian 10.0 icon

Debian 10.0 buster/main: Updated from 4.9.1+dfsg-1 to 4.9.2+dfsg-1

23.01.2018 04:07
  • New upstream security release Closes: #887596
    and resolves CVE-2018-5776
  • Update standards version to 4.1.3 - no change
Ubuntu 18.04 LTS icon

Ubuntu 18.04 LTS bionic/universe: Updated from 4.9.1+dfsg-1 to 4.9.2+dfsg-1

23.01.2018 04:04
  • New upstream security release Closes: #887596
    and resolves CVE-2018-5776
  • Update standards version to 4.1.3 - no change
Debian 10.0 icon

Debian 10.0 buster/main: Updated from 4.8.3+dfsg-1 to 4.9.1+dfsg-1

10.12.2017 22:37
  • New upstream release
  • Release 4.9 was never packaged due to licensing problems
  • This release fixes 6 security issues Closes: #883314
    • CVE-2017-17091
      Use a properly generated hash for the newbloguser key instead of a determinate substring.
    • CVE-2017-17092
      Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability
    • CVE-2017-17093
      Add escaping to the language attributes used on html elements
    • CVE-2017-17094
      Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds
  • Updated to standards 4.1.1
  • New linting for Javascript is disabled due to jshint.js licensing issues
Ubuntu 18.04 LTS icon

Ubuntu 18.04 LTS bionic/universe: Updated from 4.8.3+dfsg-1 to 4.9.1+dfsg-1

09.12.2017 13:12
  • New upstream release
  • Release 4.9 was never packaged due to licensing problems
  • This release fixes 6 security issues Closes: #883314
    • CVE-2017-17091
      Use a properly generated hash for the newbloguser key instead of a determinate substring.
    • CVE-2017-17092
      Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability
    • CVE-2017-17093
      Add escaping to the language attributes used on html elements
    • CVE-2017-17094
      Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds
  • Updated to standards 4.1.1
  • New linting for Javascript is disabled due to jshint.js licensing issues
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u1 removed

09.12.2017 06:35
Debian 9.0 icon

Debian 9.0 stretch/main: Updated from 4.7.5+dfsg-2 to 4.7.5+dfsg-2+deb9u1

09.12.2017 05:58
  • Backport patches from 4.8.2 Closes: #876274
    • CVE-2017-14723
      $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi)
      Changeset 41472, 41498
    • CVE-2017-14724
      Cross-site scripting (XSS) vulnerability in the oEmbed discovery Changeset 41451
    • CVE-2017-14726
      Cross-site scripting (XSS) vulnerability in the visual editor Changeset 41436
    • CVE-2017-14719
      Path traversal vulnerability in the file unzipping code Changeset 41459
    • CVE-2017-14721
      Cross-site scripting (XSS) vulnerability in the plugin editor Changeset 41413
    • CVE-2017-14725
      Open redirect in the user and term edit screens Changeset 41418
    • CVE-2017-14722
      Path traversal vulnerability in the customizer Changeset 41430
    • CVE-2017-14720
      Cross-site scripting (XSS) vulnerability in template names Changeset 41413 (same as plugin editor)
    • CVE-2017-14718
      Cross-site scripting (XSS) vulnerability in the link modal
  • Hash user activation key Closes: #877629
    Fixes CVE-2017-14990
Debian 10.0 icon

Debian 10.0 buster/main: Version 4.8.3+dfsg-1 introduced

10.11.2017 09:50
  • New upstream security release Closes: #880528
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u1 introduced

10.11.2017 09:40
  • Backport patches from 4.8.2 Closes: #876274
    • CVE-2017-14723
      $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi)
      Changeset 41472, 41498
    • CVE-2017-14724
      Cross-site scripting (XSS) vulnerability in the oEmbed discovery Changeset 41451
    • CVE-2017-14726
      Cross-site scripting (XSS) vulnerability in the visual editor Changeset 41436
    • CVE-2017-14719
      Path traversal vulnerability in the file unzipping code Changeset 41459
    • CVE-2017-14721
      Cross-site scripting (XSS) vulnerability in the plugin editor Changeset 41413
    • CVE-2017-14725
      Open redirect in the user and term edit screens Changeset 41418
    • CVE-2017-14722
      Path traversal vulnerability in the customizer Changeset 41430
    • CVE-2017-14720
      Cross-site scripting (XSS) vulnerability in template names Changeset 41413 (same as plugin editor)
    • CVE-2017-14718
      Cross-site scripting (XSS) vulnerability in the link modal
  • Hash user activation key Closes: #877629
    Fixes CVE-2017-14990

Related packages

wordpress - Blog tool and publishing platform
⇧ Top