Debian
wordpress package

wordpress 3.5.2+dfsg-1~deb7u1 source package in Debian

Changelog

wordpress (3.5.2+dfsg-1~deb7u1) wheezy-security; urgency=low


  * New upstream release with many security fixes. Closes: #713947
    * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
    * Privilege Escalation: Contributors can publish posts, and users can
      reassign authorship. CVE-2013-2200.
    * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
    * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
    * Content Spoofing via Flash Applet in TinyMCE Media Plugin.
      CVE-2013-2204.
    * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
    * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.
  * Additional security hardening includes:
    * Cross-Site Scripting (XSS) (Low Severity) when Editing Media.
      CVE-2013-2201.
    * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating
      Plugins/Themes. CVE-2013-2201.
    * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
  * Update the Vcs-Git and Vcs-Browser URLs.
  * Update Standards-Version to 3.9.4.

 -- Raphaƫl Hertzog <email address hidden>  Tue, 25 Jun 2013 15:52:07 +0200

Upload details

Uploaded by:
Giuseppe Iuculano
Uploaded to:
Wheezy
Original maintainer:
Giuseppe Iuculano
Architectures:
all
Section:
web
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
wordpress_3.5.2+dfsg-1~deb7u1.dsc 2.3 KiB 1063ceb235db70cd311ddcdabe441bf8ddaea2022af4c7c01014c6b6a67a97f3
wordpress_3.5.2+dfsg.orig.tar.xz 4.1 MiB c4403b912ec5154aa2ff67e2b7afa5a4b67dca055e3421cc000212b73e6f1eb4
wordpress_3.5.2+dfsg-1~deb7u1.debian.tar.xz 5.0 MiB ee56f142aad5df8b110101730fe7ecf87a45c1d7b76e4ae53a6ace2851ada5d2

No changes file available.

Binary packages built by this source