Linux repositories inspector

wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files

WordPress is a full featured web blogging tool:
  • Instant publishing (no rebuilding)
  • Comment pingback support with spam protection
  • Non-crufty URLs
  • Themable
  • Plugin support
This package contains WordPress twentyfifteen theme files NOTE: This theme requires access to public CDNs for use of some font or CSS files.
Original maintainer
Homepagehttps://wordpress.org
4.9.8
Ubuntu iconUbuntu 18.10
4.9.5
Ubuntu iconUbuntu 18.04 LTS
4.8.2
Ubuntu iconUbuntu 17.10
4.7.5
Debian iconDebian 9.0
4.4.2
Ubuntu iconUbuntu 16.04 LTS
DistributionVersionSincePackageInstalledPackager
Debian iconDebian 9.0 stretch/maindeb4.7.5+dfsg-2+deb9u5Jun 17685 kiB1 MiB
Ubuntu iconUbuntu 17.10 artful/universedeb4.8.2+dfsg-22017-11-10670 kiB1020 kiB
Ubuntu iconUbuntu 18.04 LTS bionic/universedeb4.9.5+dfsg1-12018-06-19670 kiB1 MiB
Ubuntu iconUbuntu 18.10 cosmic/universedeb4.9.8+dfsg1-1Jan 14670 kiB1 MiB
Ubuntu iconUbuntu 16.04 LTS xenial/universedeb4.4.2+dfsg-1ubuntu12017-11-10478 kiB832 kiB

Latest updates

Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u5 removed

Jun 17
Debian 9.0 icon

Debian 9.0 stretch/main: Updated from 4.7.5+dfsg-2+deb9u4 to 4.7.5+dfsg-2+deb9u5

Jun 17
  • Backport security patches from wordpress 5.0.1 Closes: #916403
    • CVE-2018-20147
      Delete files through altered meta data
    • CVE-2018-20152
      Create posts of unauthorized post types
    • CVE-2018-20148
      PHP object injection through crafted meta data
    • CVE-2018-20153
      Edit other users comments, leading to XSS
    • CVE-2018-20150
      XSS in plugins through crafted URL inputs
    • CVE-2018-20151
      User activation screen visible to search engines
    • CVE-2018-20149
      Bypass MIME verification causing XSS
    • CVE-2019-8942
      Remote Code Execution (RCE) in uploaded image files
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u5 introduced

Mar 10
  • Backport security patches from wordpress 5.0.1 Closes: #916403
    • CVE-2018-20147
      Delete files through altered meta data
    • CVE-2018-20152
      Create posts of unauthorized post types
    • CVE-2018-20148
      PHP object injection through crafted meta data
    • CVE-2018-20153
      Edit other users comments, leading to XSS
    • CVE-2018-20150
      XSS in plugins through crafted URL inputs
    • CVE-2018-20151
      User activation screen visible to search engines
    • CVE-2018-20149
      Bypass MIME verification causing XSS
    • CVE-2019-8942
      Remote Code Execution (RCE) in uploaded image files
Ubuntu 18.10 icon

Ubuntu 18.10 cosmic/universe: Version 4.9.8+dfsg1-1 introduced

Jan 14
  • New upstream source
    Verify plugin uploads CVE-2018-14028 Closes: #906565
Debian 10.0 icon

Debian 10.0 buster/main: Version 4.9.4+dfsg-1 removed

Jan 12
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u3 removed

Jan 12
Debian 9.0 icon

Debian 9.0 stretch/main: Updated from 4.7.5+dfsg-2+deb9u2 to 4.7.5+dfsg-2+deb9u4

Jan 12
  • Backport security patch from 4.9.7 Closes: #902876
    • CVE-2018-12895 Fix directory traversal in thumb parameter
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u3 introduced

2018-06-19
Ubuntu 18.04 LTS icon

Ubuntu 18.04 LTS bionic/universe: Updated from 4.9.4+dfsg-1 to 4.9.5+dfsg1-1

2018-06-19
  • New upstream source, fixes 3 Security issues Closes: #895034
    • CVE-2018-TBA
      Don't treat localhost as same host by default.
    • CVE-2018-TBA
      Use safe redirects when redirecting login page if SSL is forced
    • CVE-2018-TBA
      Make sure version string is correctly escaped for use in generator tags
  • Update to standards version 4.1.4
  • Remove get-orig-source in rules and use uscan
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u2 removed

2018-03-14
Debian 9.0 icon

Debian 9.0 stretch/main: Updated from 4.7.5+dfsg-2+deb9u1 to 4.7.5+dfsg-2+deb9u2

2018-03-14
  • Backport security patches from 4.9.1 Closes: #883314
    • CVE-2017-17091
      Use a properly generated hash for the newbloguser key instead of a determinate substring.
      Changeset 42272
    • CVE-2017-17092
      Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability
      Changeset 42275
    • CVE-2017-17093
      Add escaping to the language attributes used on html elements Changeset 42273
    • CVE-2017-17094
      Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds
      Changeset 42274
  • Also backport patch for $wpdb->prepare CVE-2017-16510 Closes: 880528
Debian 10.0 icon

Debian 10.0 buster/main: Updated from 4.9.2+dfsg-1 to 4.9.4+dfsg-1

2018-02-26
  • New upstream release
  • Removed remove_jshint patch as upstream has found a different hinter
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u2 introduced

2018-02-26
  • Backport security patches from 4.9.1 Closes: #883314
    • CVE-2017-17091
      Use a properly generated hash for the newbloguser key instead of a determinate substring.
      Changeset 42272
    • CVE-2017-17092
      Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability
      Changeset 42275
    • CVE-2017-17093
      Add escaping to the language attributes used on html elements Changeset 42273
    • CVE-2017-17094
      Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds
      Changeset 42274
  • Also backport patch for $wpdb->prepare CVE-2017-16510 Closes: 880528
Ubuntu 18.04 LTS icon

Ubuntu 18.04 LTS bionic/universe: Updated from 4.9.2+dfsg-1 to 4.9.4+dfsg-1

2018-02-26
  • New upstream release
  • Removed remove_jshint patch as upstream has found a different hinter
Debian 10.0 icon

Debian 10.0 buster/main: Updated from 4.9.1+dfsg-1 to 4.9.2+dfsg-1

2018-01-23
  • New upstream security release Closes: #887596
    and resolves CVE-2018-5776
  • Update standards version to 4.1.3 - no change
Ubuntu 18.04 LTS icon

Ubuntu 18.04 LTS bionic/universe: Updated from 4.9.1+dfsg-1 to 4.9.2+dfsg-1

2018-01-23
  • New upstream security release Closes: #887596
    and resolves CVE-2018-5776
  • Update standards version to 4.1.3 - no change
Debian 10.0 icon

Debian 10.0 buster/main: Updated from 4.8.3+dfsg-1 to 4.9.1+dfsg-1

2017-12-10
  • New upstream release
  • Release 4.9 was never packaged due to licensing problems
  • This release fixes 6 security issues Closes: #883314
    • CVE-2017-17091
      Use a properly generated hash for the newbloguser key instead of a determinate substring.
    • CVE-2017-17092
      Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability
    • CVE-2017-17093
      Add escaping to the language attributes used on html elements
    • CVE-2017-17094
      Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds
  • Updated to standards 4.1.1
  • New linting for Javascript is disabled due to jshint.js licensing issues
Ubuntu 18.04 LTS icon

Ubuntu 18.04 LTS bionic/universe: Updated from 4.8.3+dfsg-1 to 4.9.1+dfsg-1

2017-12-09
  • New upstream release
  • Release 4.9 was never packaged due to licensing problems
  • This release fixes 6 security issues Closes: #883314
    • CVE-2017-17091
      Use a properly generated hash for the newbloguser key instead of a determinate substring.
    • CVE-2017-17092
      Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability
    • CVE-2017-17093
      Add escaping to the language attributes used on html elements
    • CVE-2017-17094
      Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds
  • Updated to standards 4.1.1
  • New linting for Javascript is disabled due to jshint.js licensing issues
Debian 9.0 icon

Debian 9.0 stretch-proposed-updates/main: Version 4.7.5+dfsg-2+deb9u1 removed

2017-12-09
Debian 9.0 icon

Debian 9.0 stretch/main: Updated from 4.7.5+dfsg-2 to 4.7.5+dfsg-2+deb9u1

2017-12-09
  • Backport patches from 4.8.2 Closes: #876274
    • CVE-2017-14723
      $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi)
      Changeset 41472, 41498
    • CVE-2017-14724
      Cross-site scripting (XSS) vulnerability in the oEmbed discovery Changeset 41451
    • CVE-2017-14726
      Cross-site scripting (XSS) vulnerability in the visual editor Changeset 41436
    • CVE-2017-14719
      Path traversal vulnerability in the file unzipping code Changeset 41459
    • CVE-2017-14721
      Cross-site scripting (XSS) vulnerability in the plugin editor Changeset 41413
    • CVE-2017-14725
      Open redirect in the user and term edit screens Changeset 41418
    • CVE-2017-14722
      Path traversal vulnerability in the customizer Changeset 41430
    • CVE-2017-14720
      Cross-site scripting (XSS) vulnerability in template names Changeset 41413 (same as plugin editor)
    • CVE-2017-14718
      Cross-site scripting (XSS) vulnerability in the link modal
  • Hash user activation key Closes: #877629
    Fixes CVE-2017-14990

Related packages

wordpress - Blog tool and publishing platform
⇧ Top