Back to wordpress PTS page

Accepted wordpress 3.6.1+dfsg-1~deb7u1 (source all)

To: debian-changes@lists.debian.org
Subject: Accepted wordpress 3.6.1+dfsg-1~deb7u1 (source all)
From: Yves-Alexis Perez <corsac@debian.org>
Date: Sat, 14 Dec 2013 12:49:52 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1VrofI-0003Fp-Pc@franck.debian.org>
Reply-to: debian-devel@lists.debian.org
Sender: Archive Administrator <dak@franck.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 14 Sep 2013 10:35:45 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Description: 
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 72253
Changes: 
 wordpress (3.6.1+dfsg-1~deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Import Wordpress 3.6.1 from Jessie to fix all the security issues present
     in Squeeze                                                   closes: #72253
     - CVE-2013-4338: unsafe PHP unserialization can causes arbitrary code
     execution.
     - CVE-2013-4339: unproper input validation in URL parsing can lead to
     arbitrary redirection.
     - CVE-2013-4340: privilege escalation allowing an user with an author
     role to create an entry appearing as written by another user.
     - CVE-2013-5738: authenticated users can conduct cross-site scripting
     attacks (XSS) using crafted html file uploads.
     - CVE-2013-5739: default Wordpress configuration doesn't prevent upload
     for .swf and .exe files, making it easier for authenticated users to
     conduct XSS attacks.
Checksums-Sha1: 
 8fb73996a0aed1cd6319abd1c4f4fea4d4b1c253 1990 wordpress_3.6.1+dfsg-1~deb7u1.dsc
 997fd2158cd14bd29a5598a81c780db34f7173f7 3214412 wordpress_3.6.1+dfsg.orig.tar.xz
 86d5e1c4053dd948ce219b113b05556f3418c3b6 5226752 wordpress_3.6.1+dfsg-1~deb7u1.debian.tar.xz
 bec580f0ecfc952247fe8bd8bde67355783cab1c 3956114 wordpress_3.6.1+dfsg-1~deb7u1_all.deb
 aae8873b4c1328158458e8a5602ed3a3ce134bd2 8858980 wordpress-l10n_3.6.1+dfsg-1~deb7u1_all.deb
Checksums-Sha256: 
 4e34be0168181d1d8b274c304efd53e21e86630445eaa9d96735d389c888a71a 1990 wordpress_3.6.1+dfsg-1~deb7u1.dsc
 20714525a688eadd649e2e497b4cd300870445867e1f8b3305b49da5ca55b50d 3214412 wordpress_3.6.1+dfsg.orig.tar.xz
 125d9651c2338bebf1ebf6c42dc924974f36ef63b6847eddc5eee7fd6b92ebc3 5226752 wordpress_3.6.1+dfsg-1~deb7u1.debian.tar.xz
 d9035ada082f4260f669d1695d508403ee550bc4330134e6e82be763455f4844 3956114 wordpress_3.6.1+dfsg-1~deb7u1_all.deb
 7e0676344b3c5531a165f51c98b243d4b99f0929c27c2a91160f3f27761db714 8858980 wordpress-l10n_3.6.1+dfsg-1~deb7u1_all.deb
Files: 
 21047f8baaf3aefb944a6ea7e71648a2 1990 web optional wordpress_3.6.1+dfsg-1~deb7u1.dsc
 4fbd2c241f5d7075b115dfba1b130bfa 3214412 web optional wordpress_3.6.1+dfsg.orig.tar.xz
 0c3207d7b5a842c131042e165d2bcf3b 5226752 web optional wordpress_3.6.1+dfsg-1~deb7u1.debian.tar.xz
 aac46cf8749943c0e6ae6812a9a0bc38 3956114 web optional wordpress_3.6.1+dfsg-1~deb7u1_all.deb
 9192c2ed90e9e86c6eb2f0e333ca94f6 8858980 localization optional wordpress-l10n_3.6.1+dfsg-1~deb7u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)

iQEcBAEBCgAGBQJSNCENAAoJEG3bU/KmdcClpvwH/AkMBRyBP8cCGN+k7kcQtC8Y
9NfrzdpQusR6sK3QzU9OKUh9agNrpFen4vf3q9EhqKbF15fGvxAw2xBMnlVcrlYR
XELaPWDrCGIFJcsE14+e3rJZ3uI+WK1TZ1s9rC8ujUOxPJFrAsVmmbRhGyxD/rrM
anOwiaD3qYYrTf/lOYFQR8HxkSPL8iuauLZIGIKiaOxKmGYXAkwWi+dJsOTDr/f1
gLqdau/Nte2j7C5xQmNxwLs8OBnDDGWEtptOrKH6+NjEtC3PsLce1wDT2Ys0ld/+
JDQ2IgLKgsMN1PGxUTFMOoyiuEIiAGiZqKXhUiand/UDc7uyuOwhwVO9lzL5lK8=
=faf4
-----END PGP SIGNATURE-----