1
Candidate: CVE-2017-5493
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
5
http://www.openwall.com/lists/oss-security/2017/01/14/1
6
https://wpvulndb.com/vulnerabilities/8721
7
https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
8
http://www.openwall.com/lists/oss-security/2017/01/14/6
9
https://codex.wordpress.org/Version_4.7.1
10
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
12
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress
13
before 4.7.1 does not properly choose random numbers for keys, which makes
14
it easier for remote attackers to bypass intended access restrictions via a
15
crafted (1) site signup or (2) user signup.
19
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851310
25
upstream_wordpress: released (4.7.1+dfsg-1)
26
precise_wordpress: ignored (reached end-of-life)
27
precise/esm_wordpress: DNE (precise was needs-triage)
28
trusty_wordpress: needs-triage
29
vivid/stable-phone-overlay_wordpress: DNE
30
vivid/ubuntu-core_wordpress: DNE
31
xenial_wordpress: needs-triage
32
yakkety_wordpress: ignored (reached end-of-life)
33
zesty_wordpress: not-affected (4.7.1+dfsg-1)
34
artful_wordpress: not-affected (4.7.1+dfsg-1)
35
bionic_wordpress: not-affected (4.7.1+dfsg-1)
36
devel_wordpress: not-affected (4.7.1+dfsg-1)