Changelog
wordpress (3.6.1+dfsg-1~deb7u5) wheezy-security; urgency=high
  * Non-maintainer upload by the Security Team.
  * Backport patches for 3.7.4->3.7.5 Closes: #770425
  * The patches fix the following security bugs:
    - CVE-2014-9031 XSS in wptexturize() via comments or posts
    - CVE-2014-9033 CSRF in the password reset process
    - CVE-2014-9034 Denial of service for giant passwords
    - CVE-2014-9035 XSS in Press This
    - CVE-2014-9036 XSS in HTML filtering of CSS in posts
    - CVE-2014-9037 Hash comparison vulnerability in old passwords
    - CVE-2014-9038 SSRF: Safe HTTP requests did not sufficiently block
      the loopback IP address space
    - CVE-2014-9039 Email address change didn't invalidate previously sent
      password reset
 -- Craig Small <email address hidden>  Wed, 03 Dec 2014 17:49:41 +1100