Changelog
wordpress (3.3.2+dfsg-1~squeeze1) stable-security; urgency=low

  * Import wordpress from Wheezy to fix all the security issues present in
    Squeeze. This fixes:
    - CVE-2011-3122, CVE-2011-3125, CVE-2011-3126, CVE-2011-3127,
      CVE-2011-3128, CVE-2011-3129, CVE-2011-3130 (multiple unspecified
      vulnerabilities) which were allocated from
      the Wordpress 3.1.3 / 3.2 beta2 release announcement
    - CVE-2011-4956 (missing input sanitization) and CVE-2011-4957 (missing
      URL length check in make_clickable() function) allocated from Wordpress
      3.1.1 release announcement.
    - CVE-2012-2399 (unspecified vulnerability in
      wp-includes/js/swfupload/swfupload.swf), CVE-2012-2400 (unspecified
      vulnerability in wp-includes/js/swfobject.js), CVE-2012-2401 (Same-Origin
      Policy bypass in Plupload plugin), CVE-2012-2402 (access restriction
      bypass by authenticated site administrators), CVE-2012-2403 (Wordpress
      supports clickable links inside attributes, making it easier to conduct
      XSS attacks), CVE-2012-2404 (Wordpress supports offsite redirects,
      making it easier to conduct XSS attacks), which were allocated from the
      3.3.2 release announcement. closes: #670124
  * debian/wordpress.linktrees:
    - don't symlink TinyMCE, it's too old in Squeeze.
    - don't deduplicate jquery, same thing.
    - don't deduplicate jquery-form, doesn't exist in Squeeze.
  * debian/control:
    - drop build-dep on tinymce, libjs-jquery and libjs-jquery-form, we'll use
      the embedded versions.

 -- Yves-Alexis Perez <email address hidden>  Thu, 10 May 2012 23:00:46 +0200