Change log for wordpress package in Debian
151 → 177 of 177 results | First • Previous • Next • Last |
Superseded in squeeze-release |
wordpress (3.0.5+dfsg-0+squeeze1) stable-security; urgency=high * [077b77b] Imported Upstream version 3.0.5+dfsg - Fixed CVE-2011-0700: two XSS bug. Affects users of the Author or Contributor role. - Fixed CVE-2011-0701: potential information disclosure of posts through the media uploader. -- Giuseppe Iuculano <email address hidden> Wed, 16 Feb 2011 17:22:09 +0100
wordpress (3.0.5+dfsg-1) unstable; urgency=medium * [077b77b] Imported Upstream version 3.0.5+dfsg * [8d1ce17] Refreshed patches -- Giuseppe Iuculano <email address hidden> Fri, 11 Feb 2011 17:50:40 +0100
Published in lenny-release |
wordpress (2.5.1-11+lenny4) stable-security; urgency=high * [6f61bff] Fix CVE-2010-4257: SQL injection vulnerability in the do_trackbacks function (Closes: #605603) -- Giuseppe Iuculano <email address hidden> Thu, 09 Dec 2010 15:42:31 +0100
wordpress (3.0.4+dfsg-1) unstable; urgency=high * [9d62499] Imported Upstream version 3.0.4+dfsg - This is critical security update, more info: http://wp.me/pZhYe-qt -- Giuseppe Iuculano <email address hidden> Thu, 30 Dec 2010 14:47:40 +0100
Superseded in sid-release |
wordpress (3.0.3.dfsg-1) unstable; urgency=high * [e113893] Imported Upstream version 3.0.3.dfsg - Re-packaged without the hello dolly plugin (Closes: #607240) * [9d62cfd] Removed hello.patch -- Giuseppe Iuculano <email address hidden> Tue, 28 Dec 2010 17:22:34 +0100
wordpress (3.0.3-1) unstable; urgency=high * [014c926] Imported Upstream version 3.0.3 (Closes: #606657) * [f29b6ac] Use GPL-compliant lyrics in the hello dolly plugin. (Closes: #607240) -- Giuseppe Iuculano <email address hidden> Fri, 17 Dec 2010 11:03:55 +0100
wordpress (3.0.2-1) unstable; urgency=high [ Raphaël Hertzog ] * [9d6922c] Improve wp-config.php to support sites on subdomains and htaccess by providing directives ready to uncomment [ Giuseppe Iuculano ] * [1dc32d3] Imported Upstream version 3.0.2 (Closes: #605880) - Author level SQL injection vulnerability fixed (Closes: #605603) * [b4f2869] Refreshed debian/patches/001readme.patch * [612c23f] Remove flv_player.swf from manifest.php (Closes: #602732) -- Giuseppe Iuculano <email address hidden> Tue, 07 Dec 2010 08:43:38 +0100
wordpress (3.0.1-2) unstable; urgency=low * [e8a913f] Remove swfupload.swf from the binary package, as it cannot be built from source, violating the Policy. (Closes: #591195) * [92493d0] Document in Readme.Debian how to get swfupload.swf * [3663a53] debian/get-upstream-i18n: download also configuration files for RTL-languages (Closes: #585784) * [8bbdc8b] Added a missing define in debian/wp-config.php (Closes: #590859) * [34dd063] Updated language files * [adf55b3] Install *.php configuration files for RTL-languages -- Giuseppe Iuculano <email address hidden> Thu, 02 Sep 2010 10:33:50 +0200
wordpress (3.0.1-1) unstable; urgency=low * [e6e4f09] Updated watch file * [12dd7cd] Imported Upstream version 3.0.1 * [7f03621] Bump to standards-version 3.9.1, no changes needed -- Giuseppe Iuculano <email address hidden> Wed, 04 Aug 2010 16:41:24 +0200
wordpress (3.0-1) unstable; urgency=low [ Giuseppe Iuculano ] * [a57d26e] Imported Upstream version 3.0 (Closes: #586764) * [a74cd68] MU: enable multi-user by default and install the proper blogs.dir directory * [ffd926e] fix the blogs.dir link * [c81081d] Adjust MU setup for Debian installations * [c14dd9d] Update language files * [6a7296f] Added Raphaël Hertzog in Uploaders * [7ea24ff] Updated watch file [ Raphaël Hertzog ] * [2d1df3e] Update patch debian/patches/001readme.patch * [58a772e] Update patch debian/patches/003installer.patch * [332abfc] Update patch debian/patches/006rss_language.patch * [ee99544] Update patch debian/patches/008CVE2008-2392.patch * [b960914] Refresh patch debian/patches/009CVE2008-6767.patch * [511eea7] Refresh patch debian/patches/010disabling_update_note.patch * [22c5015] Refresh patch debian/patches/manifest.patch * [7cfe147] Switch to source format 3.0 (quilt). * [8c86759] Add back the default theme that has been dropped upstream * [390188e] Adjust links and rules to cope with removal of scriptaculous/prototype.js * [1313b13] Add package prefix to many debian/ files for clarity * [c4e7651] Switch to dh7 tiny rules file and general cleanup of the build process. * [625cdbb] Updated Vcs-Git/Vcs-Browser to point to the collab-maint repository. -- Giuseppe Iuculano <email address hidden> Sun, 27 Jun 2010 15:47:40 +0200
Superseded in lenny-release |
wordpress (2.5.1-11+lenny3) stable; urgency=low * [3c05401] Fixed CVE-2009-3622: Strip commas and spaces from charset. -- Giuseppe Iuculano <email address hidden> Sun, 07 Feb 2010 12:27:14 +0100
wordpress (2.9.2-1) unstable; urgency=low * [3f228c1] Imported Upstream version 2.9.2 * [7965955] Bump to Standards-Version 3.8.4 (no changes) * [e86fd59] Updated language files -- Giuseppe Iuculano <email address hidden> Tue, 16 Feb 2010 12:41:01 +0100
wordpress (2.9.1-2) unstable; urgency=low * [4a7279a] Fixed the security id in wp-admin/menu.php (Closes: #561832) - thanks to Franck Nouyrigat * [aa0f3a0] Allow site names with dash character. (Closes: #566224) - thanks to Mikko Visa * [ee0a44e] Updated language files -- Giuseppe Iuculano <email address hidden> Fri, 22 Jan 2010 19:07:14 +0100
wordpress (2.9.1-1) unstable; urgency=low * [a83b8fd] Imported Upstream version 2.9.1 * [216890e] Added ${misc:Depends} in Depends * [ec95986] Updated language files -- Giuseppe Iuculano <email address hidden> Wed, 06 Jan 2010 13:20:35 +0100
wordpress (2.9-1) unstable; urgency=low * [fdd001e] Change wordpress-l10n section (localization) * [625fa21] Imported Upstream version 2.9 * [dd9b536] Refreshed patches * [1ce2a9d] Do not remove anymore plugins/wordpress/js direcotry * [3287ec5] Updated language files (Closes: #556902) -- Giuseppe Iuculano <email address hidden> Wed, 23 Dec 2009 14:31:36 +0100
wordpress (2.8.6-1) unstable; urgency=low * [cf87b24] Updated debian/watch (Closes: #555729) - thanks to Hideki Yamane * [997165e] Imported Upstream version 2.8.6 * [05395e1] debian/wp-config.php: sanitize $debian_server and do not check if $debian_file is under /etc/wordpress (Closes: #549436) * [dc016ce] Updated language files -- Giuseppe Iuculano <email address hidden> Sat, 14 Nov 2009 12:53:07 +0100
wordpress (2.8.5-1) unstable; urgency=high * [b0ebbe1] Imported Upstream version 2.8.5 (Closes: #551841) - This version fixes CVE-2009-3622, Wordpress Trackback DoS * [cad0da2] Updated languages files * [e8438f2] Use /var/log/apache2 directory in the apache example file (Closes: #551380) -- Giuseppe Iuculano <email address hidden> Wed, 21 Oct 2009 21:43:31 +0200
wordpress (2.8.4-3) unstable; urgency=low * [dc295db] Provide a more descriptive errror message if the vhost config file is not found. (LP: #365783) * [c23192a] Depend on libjs-jquery >= 1.3.3-1 (Closes: #544473) - thanks to Arnaud Guiton * [fd27308] Updated debian/copyright * [94ad7d3] Split up the language files into a separate package * [08334d7] Updated language files * [6682ab3] Updated my email address and removed DM-Upload-Allowed control field -- Giuseppe Iuculano <email address hidden> Sat, 03 Oct 2009 10:28:16 +0200
wordpress (2.8.4-2) unstable; urgency=low * [e582ddd] Removed reference about drag.gif in manifest.php, thanks to Michel Meyers (Closes: #517969) * [a0d70c8] Do not symlink readme.html, instead install it in /usr/share/wordpress * [e81e4c3] Depend on tinymce (>= 3.2.6-0.1) and added a proper symlink to the tabfocus plugin * [0492b02] Added a note in NEWS and README.debian about the secondary consequence caused by the previous fix for a possible script injection via /etc/wordpress/wp-config.php * [6a3c803] Updated language files -- Giuseppe Iuculano <email address hidden> Wed, 26 Aug 2009 14:53:43 +0200
Superseded in lenny-release |
wordpress (2.5.1-11+lenny2) stable; urgency=low * [1dd14e6] Fixed a bug in the password reset procedure, users are now able to reset their passwords (Closes: #519798) -- Giuseppe Iuculano <email address hidden> Tue, 25 Aug 2009 12:44:20 +0200
wordpress (2.8.3-2) unstable; urgency=medium * [2372863] debian/patches/011enforce_activaction_key.dpatch: Enforce activation key to be a string (Closes: #541102) * [cb80386] Fixed CVE-2008-6767 patch and prevent redirect loop. (Closes: #541199) -- Giuseppe Iuculano <email address hidden> Wed, 12 Aug 2009 18:18:52 +0200
wordpress (2.8.3-1) unstable; urgency=medium * [f625087] Imported Upstream version 2.8.3 (Closes: #533387, #539411) This release fixed several security issue: - Privileges unchecked and multiple information disclosures. (CVE-2009-2334, CVE-2009-2335, CVE-2009-2336) (Closes: #536724) - CVE-2009-2431, CVE-2009-2432: Obtain sensitive information (Closes: #537146) - CVE-2008-6762: Open redirect vulnerability in wp-admin/upgrade.php (Closes: #531736) * [347c164] debian/control: Added Giuseppe Iuculano in Uploaders, added Vcs and DM-Upload-Allowed control field * [92fb4ab] Bump to debhelper 7 compatibility levels * [5b8536e] Refreshing patches * [d999c0e] Added a watch file * [4163c0c] debian/rules: Do not remove the autosave tinymce plugin, there isn't anymore. * [9c4d0e5] debian/get-upstream-i18n: download .xpi files into debian/languages * [76b7c5c] Install language files * [a0bfad2] Move gettext in Build-Depends-Indep * [8b607bf] Use set -e instead of passing -e to the shell on the #! line * [6cbbf36] debian/patches/009CVE2008-6767.dpatch: Only admin can upgrade wordpress. (CVE-2008-6767) (Closes: #531736) * [d6adfbe] Disabled the the "please update" warning, thanks to Hans Spaans and Rolf Leggewie (Closes: #506685) * [15c360c] Updated to standards version 3.8.2 (No changes needed) -- Giuseppe Iuculano <email address hidden> Tue, 11 Aug 2009 16:30:35 +0200
wordpress (2.7.1-2) unstable; urgency=low * setup-mysql corrected to accept domain names with hyphens (Closes: #514447) * wp-config.php now dies if no config file is found (Closes: #500296) * now the static browser uploader is supported (Closes: #501507) Users che chose to use the browser (instead of flash) to upload media files. -- Andrea De Iacovo <email address hidden> Sun, 15 Feb 2009 19:13:35 +0100
wordpress (2.5.1-11) unstable; urgency=high * Added 011CVE2008-5278.patch. (Closes: #507193) Upstream patch for XSS in feed.php self_link function was implemented. (CVE-2008-5278) -- Andrea De Iacovo <email address hidden> Sun, 30 Nov 2008 11:26:39 +0100
wordpress (2.5.1-10) unstable; urgency=high * 007CVE2008-2392.patch modified. Now users chan dinamically choose to enable unrestricted upload for admins. * 010_REQUEST.patch added. This patch is only a workaround for #504771. Now cookies are properly checked; if something malicious is found wordpress stops any other execution until cookies are not cleaned. -- Andrea De Iacovo <email address hidden> Thu, 06 Nov 2008 10:12:35 +0100
wordpress (2.5.1-9) unstable; urgency=high * Wordpress now depends on libphp-snoopy (Closes: #443948) * libphp-snoopy dependance solves grave security issue (Closes: #504234) Thanks to the new version of snoopy class the user input is now sanitized so it's not possibile to inject malicius code anymore (CVE-2008-4796) * setup-mysql modified to fix permissions on /srv/www -- Andrea De Iacovo <email address hidden> Mon, 03 Nov 2008 08:39:16 +0100
wordpress (2.5.1-8) unstable; urgency=high * Added 009CVE2008-4106 patch. (Closes: #500115) Whitespaces in user name are now checked during login. It's not possible to register an "admin(n-whitespaces)" user anymore to gain unauthorized access to the admin panel. -- Andrea De Iacovo <email address hidden> Thu, 25 Sep 2008 17:02:47 +0200
151 → 177 of 177 results | First • Previous • Next • Last |