Debian
wordpress package

wordpress 3.6.1+dfsg-1~deb7u1 source package in Debian

Changelog

wordpress (3.6.1+dfsg-1~deb7u1) wheezy-security; urgency=high


  * Non-maintainer upload by the Security Team.
  * Import Wordpress 3.6.1 from Jessie to fix all the security issues present
    in Squeeze                                                   closes: #72253
    - CVE-2013-4338: unsafe PHP unserialization can causes arbitrary code
    execution.
    - CVE-2013-4339: unproper input validation in URL parsing can lead to
    arbitrary redirection.
    - CVE-2013-4340: privilege escalation allowing an user with an author
    role to create an entry appearing as written by another user.
    - CVE-2013-5738: authenticated users can conduct cross-site scripting
    attacks (XSS) using crafted html file uploads.
    - CVE-2013-5739: default Wordpress configuration doesn't prevent upload
    for .swf and .exe files, making it easier for authenticated users to
    conduct XSS attacks.

 -- Yves-Alexis Perez <email address hidden>  Sat, 14 Sep 2013 10:35:45 +0200

Upload details

Uploaded by:
Giuseppe Iuculano
Uploaded to:
Wheezy
Original maintainer:
Giuseppe Iuculano
Architectures:
all
Section:
web
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
wordpress_3.6.1+dfsg-1~deb7u1.dsc 1.9 KiB 4e34be0168181d1d8b274c304efd53e21e86630445eaa9d96735d389c888a71a
wordpress_3.6.1+dfsg.orig.tar.xz 3.1 MiB 20714525a688eadd649e2e497b4cd300870445867e1f8b3305b49da5ca55b50d
wordpress_3.6.1+dfsg-1~deb7u1.debian.tar.xz 5.0 MiB 125d9651c2338bebf1ebf6c42dc924974f36ef63b6847eddc5eee7fd6b92ebc3

No changes file available.

Binary packages built by this source