-
wordpress (3.6.1+dfsg-1~deb6u4) squeeze-security; urgency=medium
* Non-maintainer upload by the Security Team.
* fixed dependency for libjs-cropper Closes: #745189
-- Craig Small <email address hidden> Mon, 21 Apr 2014 09:47:09 +1000
-
wordpress (3.6.1+dfsg-1~deb6u1) squeeze-security; urgency=high
* Non-maintainer upload by the Security Team.
* Import Wordpress 3.6.1 from Jessie to fix all the security issues present
in Squeeze: closes: #722537
- CVE-2013-4338: unsafe PHP unserialization can cause arbitrary code
execution.
- CVE-2013-4339: improper input validation in URL parsing can lead to
arbitrary redirection.
- CVE-2013-4340: privilege escalation allowing a user with an author role
to create an entry appearing as written by another user.
- CVE-2013-5738: authenticated users can conduct cross-site scripting
attacks (XSS) using crafted html file uploads.
- CVE-2013-5739: default Wordpress configuration doesn't prevent upload
for .swf and .exe files, making it easier for authenticated users to
conduct XSS attacks.
-- Yves-Alexis Perez <email address hidden> Sat, 14 Sep 2013 10:30:29 +0200
-
wordpress (3.5.2+dfsg-1~deb6u1) squeeze-security; urgency=high
* Non-maintainer upload by the Security Team.
* Import wordpress from Jessie to fix all the security issues present in
Squeeze.
-- Yves-Alexis Perez <email address hidden> Sat, 29 Jun 2013 13:49:37 +0200
-
wordpress (3.3.2+dfsg-1~squeeze1) stable-security; urgency=low
* Import wordpress from Wheezy to fix all the security issues present in
Squeeze. This fixes:
- CVE-2011-3122, CVE-2011-3125, CVE-2011-3126, CVE-2011-3127,
CVE-2011-3128, CVE-2011-3129, CVE-2011-3130 (multiple unspecified
vulnerabilities) which were allocated from
the Wordpress 3.1.3 / 3.2 beta2 release announcement
- CVE-2011-4956 (missing input sanitization) and CVE-2011-4957 (missing
URL length check in make_clickable() function) allocated from Wordpress
3.1.1 release announcement.
- CVE-2012-2399 (unspecified vulnerability in
wp-includes/js/swfupload/swfupload.swf), CVE-2012-2400 (unspecified
vulnerability in wp-includes/js/swfobject.js), CVE-2012-2401 (Same-Origin
Policy bypass in Plupload plugin), CVE-2012-2402 (access restriction
bypass by authenticated site administrators), CVE-2012-2403 (Wordpress
supports clickable links inside attributes, making it easier to conduct
XSS attacks), CVE-2012-2404 (Wordpress supports offsite redirects,
making it easier to conduct XSS attacks), which were allocated from the
3.3.2 release announcement. closes: #670124
* debian/wordpress.linktrees:
- don't symlink TinyMCE, it's too old in Squeeze.
- don't deduplicate jquery, same thing.
- don't deduplicate jquery-form, doesn't exist in Squeeze.
* debian/control:
- drop build-dep on tinymce, libjs-jquery and libjs-jquery-form, we'll use
the embedded versions.
-- Yves-Alexis Perez <email address hidden> Thu, 10 May 2012 23:00:46 +0200
-
wordpress (3.0.5+dfsg-0+squeeze1) stable-security; urgency=high
* [077b77b] Imported Upstream version 3.0.5+dfsg
- Fixed CVE-2011-0700: two XSS bugs. Affects users of the Author or
Contributor role.
- Fixed CVE-2011-0701: potential information disclosure of posts through
the media uploader.
-- Giuseppe Iuculano <email address hidden> Wed, 16 Feb 2011 17:22:09 +0100
-
wordpress (3.0.4+dfsg-1) unstable; urgency=high
* [9d62499] Imported Upstream version 3.0.4+dfsg
- This is a critical security update, more info: http://wp.me/pZhYe-qt
-- Giuseppe Iuculano <email address hidden> Thu, 30 Dec 2010 14:47:40 +0100
-
wordpress (3.0.2-1) unstable; urgency=high
[ Raphaël Hertzog ]
* [9d6922c] Improve wp-config.php to support sites on subdomains and
htaccess by providing directives ready to uncomment
[ Giuseppe Iuculano ]
* [1dc32d3] Imported Upstream version 3.0.2 (Closes: #605880)
- Author level SQL injection vulnerability fixed (Closes: #605603)
* [b4f2869] Refreshed debian/patches/001readme.patch
* [612c23f] Remove flv_player.swf from manifest.php (Closes: #602732)
-- Giuseppe Iuculano <email address hidden> Tue, 07 Dec 2010 08:43:38 +0100
-
wordpress (3.0.1-2) unstable; urgency=low
* [e8a913f] Remove swfupload.swf from the binary package, as it cannot
be built from source, violating the Policy. (Closes: #591195)
* [92493d0] Document in Readme.Debian how to get swfupload.swf
* [3663a53] debian/get-upstream-i18n: download also configuration
files for RTL-languages (Closes: #585784)
* [8bbdc8b] Added a missing define in debian/wp-config.php (Closes: #590859)
* [34dd063] Updated language files
* [adf55b3] Install *.php configuration files for RTL-languages
-- Giuseppe Iuculano <email address hidden> Thu, 02 Sep 2010 10:33:50 +0200
-
wordpress (3.0.1-1) unstable; urgency=low
* [e6e4f09] Updated watch file
* [12dd7cd] Imported Upstream version 3.0.1
* [7f03621] Bump to standards-version 3.9.1, no changes needed
-- Giuseppe Iuculano <email address hidden> Wed, 04 Aug 2010 16:41:24 +0200
-
wordpress (3.0-1) unstable; urgency=low
[ Giuseppe Iuculano ]
* [a57d26e] Imported Upstream version 3.0 (Closes: #586764)
* [a74cd68] MU: enable multi-user by default and install the proper
blogs.dir directory
* [ffd926e] fix the blogs.dir link
* [c81081d] Adjust MU setup for Debian installations
* [c14dd9d] Update language files
* [6a7296f] Added Raphaël Hertzog in Uploaders
* [7ea24ff] Updated watch file
[ Raphaël Hertzog ]
* [2d1df3e] Update patch debian/patches/001readme.patch
* [58a772e] Update patch debian/patches/003installer.patch
* [332abfc] Update patch debian/patches/006rss_language.patch
* [ee99544] Update patch debian/patches/008CVE2008-2392.patch
* [b960914] Refresh patch debian/patches/009CVE2008-6767.patch
* [511eea7] Refresh patch
debian/patches/010disabling_update_note.patch
* [22c5015] Refresh patch debian/patches/manifest.patch
* [7cfe147] Switch to source format 3.0 (quilt).
* [8c86759] Add back the default theme that has been dropped upstream
* [390188e] Adjust links and rules to cope with removal of
scriptaculous/prototype.js
* [1313b13] Add package prefix to many debian/ files for clarity
* [c4e7651] Switch to dh7 tiny rules file and general cleanup of the
build process.
* [625cdbb] Updated Vcs-Git/Vcs-Browser to point to the collab-maint
repository.
-- Giuseppe Iuculano <email address hidden> Sun, 27 Jun 2010 15:47:40 +0200
-
wordpress (2.9.2-1) unstable; urgency=low
* [3f228c1] Imported Upstream version 2.9.2
* [7965955] Bump to Standards-Version 3.8.4 (no changes)
* [e86fd59] Updated language files
-- Giuseppe Iuculano <email address hidden> Tue, 16 Feb 2010 12:41:01 +0100
-
wordpress (2.9.1-2) unstable; urgency=low
* [4a7279a] Fixed the security id in wp-admin/menu.php (Closes: #561832) -
thanks to Franck Nouyrigat
* [aa0f3a0] Allow site names with dash character. (Closes: #566224) -
thanks to Mikko Visa
* [ee0a44e] Updated language files
-- Giuseppe Iuculano <email address hidden> Fri, 22 Jan 2010 19:07:14 +0100
-
wordpress (2.9.1-1) unstable; urgency=low
* [a83b8fd] Imported Upstream version 2.9.1
* [216890e] Added ${misc:Depends} in Depends
* [ec95986] Updated language files
-- Giuseppe Iuculano <email address hidden> Wed, 06 Jan 2010 13:20:35 +0100
-
wordpress (2.9-1) unstable; urgency=low
* [fdd001e] Change wordpress-l10n section (localization)
* [625fa21] Imported Upstream version 2.9
* [dd9b536] Refreshed patches
* [1ce2a9d] Do not remove anymore plugins/wordpress/js directory
* [3287ec5] Updated language files (Closes: #556902)
-- Giuseppe Iuculano <email address hidden> Wed, 23 Dec 2009 14:31:36 +0100
-
wordpress (2.8.6-1) unstable; urgency=low
* [cf87b24] Updated debian/watch (Closes: #555729) - thanks to Hideki
Yamane
* [997165e] Imported Upstream version 2.8.6
* [05395e1] debian/wp-config.php: sanitize $debian_server and do not
check if $debian_file is under /etc/wordpress (Closes: #549436)
* [dc016ce] Updated language files
-- Giuseppe Iuculano <email address hidden> Sat, 14 Nov 2009 12:53:07 +0100
-
wordpress (2.8.5-1) unstable; urgency=high
* [b0ebbe1] Imported Upstream version 2.8.5 (Closes: #551841)
- This version fixes CVE-2009-3622, Wordpress Trackback DoS
* [cad0da2] Updated languages files
* [e8438f2] Use /var/log/apache2 directory in the apache example file
(Closes: #551380)
-- Giuseppe Iuculano <email address hidden> Wed, 21 Oct 2009 21:43:31 +0200
-
wordpress (2.8.4-3) unstable; urgency=low
* [dc295db] Provide a more descriptive error message if the vhost
config file is not found. (LP: #365783)
* [c23192a] Depend on libjs-jquery >= 1.3.3-1 (Closes: #544473) -
thanks to Arnaud Guiton
* [fd27308] Updated debian/copyright
* [94ad7d3] Split up the language files into a separate package
* [08334d7] Updated language files
* [6682ab3] Updated my email address and removed DM-Upload-Allowed
control field
-- Giuseppe Iuculano <email address hidden> Sat, 03 Oct 2009 10:28:16 +0200
-
wordpress (2.8.4-2) unstable; urgency=low
* [e582ddd] Removed reference about drag.gif in manifest.php, thanks
to Michel Meyers (Closes: #517969)
* [a0d70c8] Do not symlink readme.html, instead install it in
/usr/share/wordpress
* [e81e4c3] Depend on tinymce (>= 3.2.6-0.1) and added a proper
symlink to the tabfocus plugin
* [0492b02] Added a note in NEWS and README.debian about the secondary
consequence caused by the previous fix for a possible script
injection via /etc/wordpress/wp-config.php
* [6a3c803] Updated language files
-- Giuseppe Iuculano <email address hidden> Wed, 26 Aug 2009 14:53:43 +0200
-
wordpress (2.8.3-2) unstable; urgency=medium
* [2372863] debian/patches/011enforce_activaction_key.dpatch: Enforce
activation key to be a string (Closes: #541102)
* [cb80386] Fixed CVE-2008-6767 patch and prevent redirect loop.
(Closes: #541199)
-- Giuseppe Iuculano <email address hidden> Wed, 12 Aug 2009 18:18:52 +0200
-
wordpress (2.7.1-2) unstable; urgency=low
* setup-mysql corrected to accept domain names with hyphens (Closes: #514447)
* wp-config.php now dies if no config file is found (Closes: #500296)
* now the static browser uploader is supported (Closes: #501507)
Users who chose to use the browser (instead of flash) to upload media files.
-- Andrea De Iacovo <email address hidden> Sun, 15 Feb 2009 19:13:35 +0100