tag 722537 pending
thanks
Hello,
Bug #722537 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=6496a33
---
commit 6496a33c1dfe723e736bf51bbc25d9a5edb110ae
Author: Yves-Alexis Perez <[email protected]>
Date: Fri Sep 13 22:18:29 2013 +0200
Add changelog entry for Squeeze upload.

* Non-maintainer upload by the Security Team.
* Import wordpress from Jessie to fix all the security issues present in
Squeeze.
- update to Wordpress 3.6.1 closes: #722537
+ CVE-2013-4338: unsafe PHP unserialization can cause arbitrary code
execution.
+ CVE-2013-4339: improper input validation in URL parsing can lead to
arbitrary redirection.
+ CVE-2013-4340: privilege escalation allowing a user with an author
role to create an entry appearing as written by another user.
+ CVE-2013-5738: authenticated users can conduct cross-site scripting
attacks (XSS) using crafted html file uploads.
+ CVE-2013-5739: default Wordpress configuration doesn't prevent upload
for .swf and .exe files, making it easier for authenticated users to
conduct XSS attacks.
diff --git a/debian/changelog b/debian/changelog
index 45995a5..00ac201 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+wordpress (3.6.1+dfsg-1~deb6u1) UNRELEASED; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Import wordpress from Jessie to fix all the security issues present in
+ Squeeze.
+ - update to Wordpress 3.6.1 closes: #722537
+ + CVE-2013-4338: unsafe PHP unserialization can causes arbitrary code
+ execution.
+ + CVE-2013-4339: unproper input validation in URL parsing can lead to
+ arbitrary redirection.
+ + CVE-2013-4340: privilege escalation allowing an user with an author
+ role to create an entry appearing as written by another user.
+ + CVE-2013-5738: authenticated users can conduct cross-site scripting
+ attacks (XSS) using crafted html file uploads.
+ + CVE-2013-5739: default Wordpress configuration doesn't prevent upload
+ for .swf and .exe files, making it easier for authenticated users to
+ conduct XSS attacks.
+
+ -- Yves-Alexis Perez <[email protected]> Fri, 13 Sep 2013 21:47:46 +0200
+
wordpress (3.6.1+dfsg-1) unstable; urgency=high
* New upstream security release.
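Review bot: the distribution field on the added first line, "wordpress (3.6.1+dfsg-1~deb6u1) UNRELEASED; urgency=high", still reads UNRELEASED although the commit subject says this entry is for the Squeeze upload, so it needs to be set to the intended Squeeze suite before the package is built, otherwise the upload will not be accepted as a security update. The entry text also carries three wording slips that will end up in the published changelog and the advisory trail: "can causes" in the CVE-2013-4338 line, "unproper" in the CVE-2013-4339 line, and "an user" in the CVE-2013-4340 line. Since the whole package is imported from Jessie rather than patched, it would help reviewers if the entry said whether any Squeeze-specific packaging changes were kept on top of 3.6.1+dfsg-1, because the hunk only lists the CVEs fixed upstream.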