Accepted movabletype-opensource 5.1.4+dfsg-4+deb7u2 (source all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Mar 2015 10:56:52 +0100
Source: movabletype-opensource
Binary: movabletype-opensource movabletype-plugin-core movabletype-plugin-zemanta
Architecture: source all
Version: 5.1.4+dfsg-4+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Movable Type and OpenMelody team <pkg-mt-om-devel@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
movabletype-opensource - Well-known blogging engine
movabletype-plugin-core - Core Movable Type plugins
movabletype-plugin-zemanta - Zemanta Movable Type plugin
Closes: 712602 774192
Changes:
movabletype-opensource (5.1.4+dfsg-4+deb7u2) wheezy-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add CVE-2014-9057.patch patch.
CVE-2014-9057: SQL injection vulnerability in the XML-RPC interface.
(Closes: #774192)
* Add CVE-2015-1592.patch patch.
CVE-2015-1592: The Perl Storable::thaw function is not properly used,
allowing remote attackers to include and execute arbitrary local Perl
files and possibly remotely execute arbitrary code.
* Add CVE-2013-2184.patch patch.
CVE-2013-2184: Unsafe use of Storable::thaw in the handling of comments
to blog posts. (Closes: #712602)
Checksums-Sha1:
20d4e16c77e79d69504f7c8e63288498a6c248ef 2327 movabletype-opensource_5.1.4+dfsg-4+deb7u2.dsc
7b7a022018a5a97a6eda2af8c480e6bbdfafdc67 40969 movabletype-opensource_5.1.4+dfsg-4+deb7u2.debian.tar.gz
790733117b23c4152b394b1e000f52484f675a06 4117052 movabletype-opensource_5.1.4+dfsg-4+deb7u2_all.deb
0877defaf8a32fe817482624aaddf31eae003bb0 170524 movabletype-plugin-core_5.1.4+dfsg-4+deb7u2_all.deb
70590d268d6fc3ab644d6dcd478bd034359f8c2f 16728 movabletype-plugin-zemanta_5.1.4+dfsg-4+deb7u2_all.deb
Checksums-Sha256:
da5fbced85f5324ef3bcb45eb69589c30b6a2c1e8639c2286146062a5fb3dd08 2327 movabletype-opensource_5.1.4+dfsg-4+deb7u2.dsc
a7c15e9ad68f7687bc4ea2a1b26fc9731e3a21a9a3d722935673cf71af591dc7 40969 movabletype-opensource_5.1.4+dfsg-4+deb7u2.debian.tar.gz
af9f4ccd3553288245907aab500c57b4e7697d9d841085fd5954fb0233d5b148 4117052 movabletype-opensource_5.1.4+dfsg-4+deb7u2_all.deb
5ab71123ce322b11a8cf78a8dc2e2719022abf265f5d048e427aae23a9c06393 170524 movabletype-plugin-core_5.1.4+dfsg-4+deb7u2_all.deb
17cb69b87da8c886ab3838a2ffee87bcf316b50289e22d05db661787ba79d7c2 16728 movabletype-plugin-zemanta_5.1.4+dfsg-4+deb7u2_all.deb
Files:
ab66733c94cc8d8e929c26bf51150684 2327 web optional movabletype-opensource_5.1.4+dfsg-4+deb7u2.dsc
cb943096d059f244f34773a47ada102d 40969 web optional movabletype-opensource_5.1.4+dfsg-4+deb7u2.debian.tar.gz
24100dd1a007e25e566a38256936f697 4117052 web optional movabletype-opensource_5.1.4+dfsg-4+deb7u2_all.deb
7174613894012ed0bee524cdcb4aa2c1 170524 web optional movabletype-plugin-core_5.1.4+dfsg-4+deb7u2_all.deb
110306048da7047291a4aeb34aa5d93c 16728 web optional movabletype-plugin-zemanta_5.1.4+dfsg-4+deb7u2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVAaGsAAoJEAVMuPMTQ89EnNkQAJT5RXlQ4YvvDVcwm/8Cncfh
eOF+BToFMZpuCo61bmzrLnec/S2LSd6NvIjQT5FcUcFckR/iwPHK84KGKb0mwa/r
nPWuIjcaxgoijs2h0dC02Bx40mHIW8i2fFH7ytT7GJMBs7rO91z9UAdpwrKnw5xg
YEB7JnJSDOlr2eFYLU0Z4qgxAVGoI/n5AGXyZYNqwzARSNVKD5FBvR5SJM+huz9f
Aj+q6XS49LrQOEXok76OGhE6Q6YYIBNJnHQaChDsf0l6TAsfgaGyBlLleOIBIG1E
XtiitXwUjE2XuC6coKUH1IaXmupuUQUbCFnzm3WRgTTceFbcEFgegbEgk6usGPWD
sulyRDMblZhOC7mN9PRIsSJk0i6GvywWiBepS898Z+MyM/edEy0f//fjIIMd5CwL
v0doN7lBS+gQexHzfJN8PKzDEOt+Ga2DAgLeSQ9zgx2MwycxRhvE88UrkSdMMFEF
Gr0oEDentWXMHVRK82PDgycACaTBfxvlqTSjozqFZhR5lOMnyrVCdMMgTJaCzY8w
9IHwFKbk+fZUX+BQ4Tf2YlbC22ZxRUgTq+2YMizmX66HfmrBqf3abuwBUAn6eH6W
vQEg92M1ducEDaCZdYzTe2n41XWOynDNN9HZQG235A3xyWwqlrRIKcRA9bIvZlpn
ulv96bHNFI3TK+hYuivl
=UrVV
-----END PGP SIGNATURE-----