Accepted wordpress 3.6.1+dfsg-1~deb7u1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 14 Sep 2013 10:35:45 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
Closes: 72253
Changes:
wordpress (3.6.1+dfsg-1~deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Import Wordpress 3.6.1 from Jessie to fix all the security issues present
in Squeeze closes: #72253
- CVE-2013-4338: unsafe PHP unserialization can causes arbitrary code
execution.
- CVE-2013-4339: unproper input validation in URL parsing can lead to
arbitrary redirection.
- CVE-2013-4340: privilege escalation allowing an user with an author
role to create an entry appearing as written by another user.
- CVE-2013-5738: authenticated users can conduct cross-site scripting
attacks (XSS) using crafted html file uploads.
- CVE-2013-5739: default Wordpress configuration doesn't prevent upload
for .swf and .exe files, making it easier for authenticated users to
conduct XSS attacks.
Checksums-Sha1:
8fb73996a0aed1cd6319abd1c4f4fea4d4b1c253 1990 wordpress_3.6.1+dfsg-1~deb7u1.dsc
997fd2158cd14bd29a5598a81c780db34f7173f7 3214412 wordpress_3.6.1+dfsg.orig.tar.xz
86d5e1c4053dd948ce219b113b05556f3418c3b6 5226752 wordpress_3.6.1+dfsg-1~deb7u1.debian.tar.xz
bec580f0ecfc952247fe8bd8bde67355783cab1c 3956114 wordpress_3.6.1+dfsg-1~deb7u1_all.deb
aae8873b4c1328158458e8a5602ed3a3ce134bd2 8858980 wordpress-l10n_3.6.1+dfsg-1~deb7u1_all.deb
Checksums-Sha256:
4e34be0168181d1d8b274c304efd53e21e86630445eaa9d96735d389c888a71a 1990 wordpress_3.6.1+dfsg-1~deb7u1.dsc
20714525a688eadd649e2e497b4cd300870445867e1f8b3305b49da5ca55b50d 3214412 wordpress_3.6.1+dfsg.orig.tar.xz
125d9651c2338bebf1ebf6c42dc924974f36ef63b6847eddc5eee7fd6b92ebc3 5226752 wordpress_3.6.1+dfsg-1~deb7u1.debian.tar.xz
d9035ada082f4260f669d1695d508403ee550bc4330134e6e82be763455f4844 3956114 wordpress_3.6.1+dfsg-1~deb7u1_all.deb
7e0676344b3c5531a165f51c98b243d4b99f0929c27c2a91160f3f27761db714 8858980 wordpress-l10n_3.6.1+dfsg-1~deb7u1_all.deb
Files:
21047f8baaf3aefb944a6ea7e71648a2 1990 web optional wordpress_3.6.1+dfsg-1~deb7u1.dsc
4fbd2c241f5d7075b115dfba1b130bfa 3214412 web optional wordpress_3.6.1+dfsg.orig.tar.xz
0c3207d7b5a842c131042e165d2bcf3b 5226752 web optional wordpress_3.6.1+dfsg-1~deb7u1.debian.tar.xz
aac46cf8749943c0e6ae6812a9a0bc38 3956114 web optional wordpress_3.6.1+dfsg-1~deb7u1_all.deb
9192c2ed90e9e86c6eb2f0e333ca94f6 8858980 localization optional wordpress-l10n_3.6.1+dfsg-1~deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)
iQEcBAEBCgAGBQJSNCENAAoJEG3bU/KmdcClpvwH/AkMBRyBP8cCGN+k7kcQtC8Y
9NfrzdpQusR6sK3QzU9OKUh9agNrpFen4vf3q9EhqKbF15fGvxAw2xBMnlVcrlYR
XELaPWDrCGIFJcsE14+e3rJZ3uI+WK1TZ1s9rC8ujUOxPJFrAsVmmbRhGyxD/rrM
anOwiaD3qYYrTf/lOYFQR8HxkSPL8iuauLZIGIKiaOxKmGYXAkwWi+dJsOTDr/f1
gLqdau/Nte2j7C5xQmNxwLs8OBnDDGWEtptOrKH6+NjEtC3PsLce1wDT2Ys0ld/+
JDQ2IgLKgsMN1PGxUTFMOoyiuEIiAGiZqKXhUiand/UDc7uyuOwhwVO9lzL5lK8=
=faf4
-----END PGP SIGNATURE-----