Description
The wordpress package has been updated to version 3.9.8, fixing three
cross-site scripting issues (CVE-2015-5732, CVE-2015-5733, CVE-2015-5734),
a potential timing side-channel attack in Customizer (CVe-2015-5730), an
issue in Heartbeat where an attacker could lock a post from being edited
(CVE-2015-5731), and an SQL injection issue (CVE-2015-2213), as well
as other bugs. See the upstream announcement and release notes for more
details.