Change log for wordpress package in Debian
| 151 → 177 of 177 results | First • Previous • Next • Last |
| Superseded in squeeze-release |
wordpress (3.0.5+dfsg-0+squeeze1) stable-security; urgency=high * [077b77b] Imported Upstream version 3.0.5+dfsg - Fixed CVE-2011-0700: two XSS bug. Affects users of the Author or Contributor role. - Fixed CVE-2011-0701: potential information disclosure of posts through the media uploader. -- Giuseppe Iuculano <email address hidden> Wed, 16 Feb 2011 17:22:09 +0100
wordpress (3.0.5+dfsg-1) unstable; urgency=medium * [077b77b] Imported Upstream version 3.0.5+dfsg * [8d1ce17] Refreshed patches -- Giuseppe Iuculano <email address hidden> Fri, 11 Feb 2011 17:50:40 +0100
| Published in lenny-release |
wordpress (2.5.1-11+lenny4) stable-security; urgency=high * [6f61bff] Fix CVE-2010-4257: SQL injection vulnerability in the do_trackbacks function (Closes: #605603) -- Giuseppe Iuculano <email address hidden> Thu, 09 Dec 2010 15:42:31 +0100
wordpress (3.0.4+dfsg-1) unstable; urgency=high * [9d62499] Imported Upstream version 3.0.4+dfsg - This is critical security update, more info: http://wp.me/pZhYe-qt -- Giuseppe Iuculano <email address hidden> Thu, 30 Dec 2010 14:47:40 +0100
| Superseded in sid-release |
wordpress (3.0.3.dfsg-1) unstable; urgency=high * [e113893] Imported Upstream version 3.0.3.dfsg - Re-packaged without the hello dolly plugin (Closes: #607240) * [9d62cfd] Removed hello.patch -- Giuseppe Iuculano <email address hidden> Tue, 28 Dec 2010 17:22:34 +0100
wordpress (3.0.3-1) unstable; urgency=high * [014c926] Imported Upstream version 3.0.3 (Closes: #606657) * [f29b6ac] Use GPL-compliant lyrics in the hello dolly plugin. (Closes: #607240) -- Giuseppe Iuculano <email address hidden> Fri, 17 Dec 2010 11:03:55 +0100
wordpress (3.0.2-1) unstable; urgency=high [ Raphaël Hertzog ] * [9d6922c] Improve wp-config.php to support sites on subdomains and htaccess by providing directives ready to uncomment [ Giuseppe Iuculano ] * [1dc32d3] Imported Upstream version 3.0.2 (Closes: #605880) - Author level SQL injection vulnerability fixed (Closes: #605603) * [b4f2869] Refreshed debian/patches/001readme.patch * [612c23f] Remove flv_player.swf from manifest.php (Closes: #602732) -- Giuseppe Iuculano <email address hidden> Tue, 07 Dec 2010 08:43:38 +0100
wordpress (3.0.1-2) unstable; urgency=low
* [e8a913f] Remove swfupload.swf from the binary package, as it cannot
be built from source, violating the Policy. (Closes: #591195)
* [92493d0] Document in Readme.Debian how to get swfupload.swf
* [3663a53] debian/get-upstream-i18n: download also configuration
files for RTL-languages (Closes: #585784)
* [8bbdc8b] Added a missing define in debian/wp-config.php (Closes: #590859)
* [34dd063] Updated language files
* [adf55b3] Install *.php configuration files for RTL-languages
-- Giuseppe Iuculano <email address hidden> Thu, 02 Sep 2010 10:33:50 +0200
wordpress (3.0.1-1) unstable; urgency=low * [e6e4f09] Updated watch file * [12dd7cd] Imported Upstream version 3.0.1 * [7f03621] Bump to standards-version 3.9.1, no changes needed -- Giuseppe Iuculano <email address hidden> Wed, 04 Aug 2010 16:41:24 +0200
wordpress (3.0-1) unstable; urgency=low
[ Giuseppe Iuculano ]
* [a57d26e] Imported Upstream version 3.0 (Closes: #586764)
* [a74cd68] MU: enable multi-user by default and install the proper
blogs.dir directory
* [ffd926e] fix the blogs.dir link
* [c81081d] Adjust MU setup for Debian installations
* [c14dd9d] Update language files
* [6a7296f] Added Raphaël Hertzog in Uploaders
* [7ea24ff] Updated watch file
[ Raphaël Hertzog ]
* [2d1df3e] Update patch debian/patches/001readme.patch
* [58a772e] Update patch debian/patches/003installer.patch
* [332abfc] Update patch debian/patches/006rss_language.patch
* [ee99544] Update patch debian/patches/008CVE2008-2392.patch
* [b960914] Refresh patch debian/patches/009CVE2008-6767.patch
* [511eea7] Refresh patch
debian/patches/010disabling_update_note.patch
* [22c5015] Refresh patch debian/patches/manifest.patch
* [7cfe147] Switch to source format 3.0 (quilt).
* [8c86759] Add back the default theme that has been dropped upstream
* [390188e] Adjust links and rules to cope with removal of
scriptaculous/prototype.js
* [1313b13] Add package prefix to many debian/ files for clarity
* [c4e7651] Switch to dh7 tiny rules file and general cleanup of the
build process.
* [625cdbb] Updated Vcs-Git/Vcs-Browser to point to the collab-maint
repository.
-- Giuseppe Iuculano <email address hidden> Sun, 27 Jun 2010 15:47:40 +0200
| Superseded in lenny-release |
wordpress (2.5.1-11+lenny3) stable; urgency=low * [3c05401] Fixed CVE-2009-3622: Strip commas and spaces from charset. -- Giuseppe Iuculano <email address hidden> Sun, 07 Feb 2010 12:27:14 +0100
wordpress (2.9.2-1) unstable; urgency=low * [3f228c1] Imported Upstream version 2.9.2 * [7965955] Bump to Standards-Version 3.8.4 (no changes) * [e86fd59] Updated language files -- Giuseppe Iuculano <email address hidden> Tue, 16 Feb 2010 12:41:01 +0100
wordpress (2.9.1-2) unstable; urgency=low
* [4a7279a] Fixed the security id in wp-admin/menu.php (Closes: #561832) -
thanks to Franck Nouyrigat
* [aa0f3a0] Allow site names with dash character. (Closes: #566224) -
thanks to Mikko Visa
* [ee0a44e] Updated language files
-- Giuseppe Iuculano <email address hidden> Fri, 22 Jan 2010 19:07:14 +0100
wordpress (2.9.1-1) unstable; urgency=low
* [a83b8fd] Imported Upstream version 2.9.1
* [216890e] Added ${misc:Depends} in Depends
* [ec95986] Updated language files
-- Giuseppe Iuculano <email address hidden> Wed, 06 Jan 2010 13:20:35 +0100
wordpress (2.9-1) unstable; urgency=low * [fdd001e] Change wordpress-l10n section (localization) * [625fa21] Imported Upstream version 2.9 * [dd9b536] Refreshed patches * [1ce2a9d] Do not remove anymore plugins/wordpress/js direcotry * [3287ec5] Updated language files (Closes: #556902) -- Giuseppe Iuculano <email address hidden> Wed, 23 Dec 2009 14:31:36 +0100
wordpress (2.8.6-1) unstable; urgency=low
* [cf87b24] Updated debian/watch (Closes: #555729) - thanks to Hideki
Yamane
* [997165e] Imported Upstream version 2.8.6
* [05395e1] debian/wp-config.php: sanitize $debian_server and do not
check if $debian_file is under /etc/wordpress (Closes: #549436)
* [dc016ce] Updated language files
-- Giuseppe Iuculano <email address hidden> Sat, 14 Nov 2009 12:53:07 +0100
wordpress (2.8.5-1) unstable; urgency=high
* [b0ebbe1] Imported Upstream version 2.8.5 (Closes: #551841)
- This version fixes CVE-2009-3622, Wordpress Trackback DoS
* [cad0da2] Updated languages files
* [e8438f2] Use /var/log/apache2 directory in the apache example file
(Closes: #551380)
-- Giuseppe Iuculano <email address hidden> Wed, 21 Oct 2009 21:43:31 +0200
wordpress (2.8.4-3) unstable; urgency=low
* [dc295db] Provide a more descriptive errror message if the vhost
config file is not found. (LP: #365783)
* [c23192a] Depend on libjs-jquery >= 1.3.3-1 (Closes: #544473) -
thanks to Arnaud Guiton
* [fd27308] Updated debian/copyright
* [94ad7d3] Split up the language files into a separate package
* [08334d7] Updated language files
* [6682ab3] Updated my email address and removed DM-Upload-Allowed
control field
-- Giuseppe Iuculano <email address hidden> Sat, 03 Oct 2009 10:28:16 +0200
wordpress (2.8.4-2) unstable; urgency=low
* [e582ddd] Removed reference about drag.gif in manifest.php, thanks
to Michel Meyers (Closes: #517969)
* [a0d70c8] Do not symlink readme.html, instead install it in
/usr/share/wordpress
* [e81e4c3] Depend on tinymce (>= 3.2.6-0.1) and added a proper
symlink to the tabfocus plugin
* [0492b02] Added a note in NEWS and README.debian about the secondary
consequence caused by the previous fix for a possible script
injection via /etc/wordpress/wp-config.php
* [6a3c803] Updated language files
-- Giuseppe Iuculano <email address hidden> Wed, 26 Aug 2009 14:53:43 +0200
| Superseded in lenny-release |
wordpress (2.5.1-11+lenny2) stable; urgency=low
* [1dd14e6] Fixed a bug in the password reset procedure, users are now
able to reset their passwords (Closes: #519798)
-- Giuseppe Iuculano <email address hidden> Tue, 25 Aug 2009 12:44:20 +0200
wordpress (2.8.3-2) unstable; urgency=medium
* [2372863] debian/patches/011enforce_activaction_key.dpatch: Enforce
activation key to be a string (Closes: #541102)
* [cb80386] Fixed CVE-2008-6767 patch and prevent redirect loop.
(Closes: #541199)
-- Giuseppe Iuculano <email address hidden> Wed, 12 Aug 2009 18:18:52 +0200
wordpress (2.8.3-1) unstable; urgency=medium
* [f625087] Imported Upstream version 2.8.3 (Closes: #533387, #539411)
This release fixed several security issue:
- Privileges unchecked and multiple information disclosures.
(CVE-2009-2334, CVE-2009-2335, CVE-2009-2336) (Closes: #536724)
- CVE-2009-2431, CVE-2009-2432: Obtain sensitive information
(Closes: #537146)
- CVE-2008-6762: Open redirect vulnerability in wp-admin/upgrade.php
(Closes: #531736)
* [347c164] debian/control: Added Giuseppe Iuculano in Uploaders,
added Vcs and DM-Upload-Allowed control field
* [92fb4ab] Bump to debhelper 7 compatibility levels
* [5b8536e] Refreshing patches
* [d999c0e] Added a watch file
* [4163c0c] debian/rules: Do not remove the autosave tinymce plugin, there
isn't anymore.
* [9c4d0e5] debian/get-upstream-i18n: download .xpi files into
debian/languages
* [76b7c5c] Install language files
* [a0bfad2] Move gettext in Build-Depends-Indep
* [8b607bf] Use set -e instead of passing -e to the shell on the #!
line
* [6cbbf36] debian/patches/009CVE2008-6767.dpatch: Only admin can
upgrade wordpress. (CVE-2008-6767) (Closes: #531736)
* [d6adfbe] Disabled the the "please update" warning, thanks to Hans
Spaans and Rolf Leggewie (Closes: #506685)
* [15c360c] Updated to standards version 3.8.2 (No changes needed)
-- Giuseppe Iuculano <email address hidden> Tue, 11 Aug 2009 16:30:35 +0200
wordpress (2.7.1-2) unstable; urgency=low * setup-mysql corrected to accept domain names with hyphens (Closes: #514447) * wp-config.php now dies if no config file is found (Closes: #500296) * now the static browser uploader is supported (Closes: #501507) Users che chose to use the browser (instead of flash) to upload media files. -- Andrea De Iacovo <email address hidden> Sun, 15 Feb 2009 19:13:35 +0100
wordpress (2.5.1-11) unstable; urgency=high
* Added 011CVE2008-5278.patch. (Closes: #507193)
Upstream patch for XSS in feed.php self_link function was
implemented. (CVE-2008-5278)
-- Andrea De Iacovo <email address hidden> Sun, 30 Nov 2008 11:26:39 +0100
wordpress (2.5.1-10) unstable; urgency=high * 007CVE2008-2392.patch modified. Now users chan dinamically choose to enable unrestricted upload for admins. * 010_REQUEST.patch added. This patch is only a workaround for #504771. Now cookies are properly checked; if something malicious is found wordpress stops any other execution until cookies are not cleaned. -- Andrea De Iacovo <email address hidden> Thu, 06 Nov 2008 10:12:35 +0100
wordpress (2.5.1-9) unstable; urgency=high
* Wordpress now depends on libphp-snoopy (Closes: #443948)
* libphp-snoopy dependance solves grave security issue (Closes: #504234)
Thanks to the new version of snoopy class the user input is now sanitized
so it's not possibile to inject malicius code anymore (CVE-2008-4796)
* setup-mysql modified to fix permissions on /srv/www
-- Andrea De Iacovo <email address hidden> Mon, 03 Nov 2008 08:39:16 +0100
wordpress (2.5.1-8) unstable; urgency=high
* Added 009CVE2008-4106 patch. (Closes: #500115)
Whitespaces in user name are now checked during login.
It's not possible to register an "admin(n-whitespaces)" user anymore
to gain unauthorized access to the admin panel.
-- Andrea De Iacovo <email address hidden> Thu, 25 Sep 2008 17:02:47 +0200
| 151 → 177 of 177 results | First • Previous • Next • Last |
