tag 770425 pending
thanks
Hello,
Bug #770425 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=c02018b
---
commit c02018b182919a91941d7d898a85c2a8a70eb865
Author: Craig Small <csm...@debian.org>
Date: Wed Dec 3 17:49:41 2014 +1100
Imported Debian patch 3.6.1+dfsg-1~deb7u5
diff --git a/debian/changelog b/debian/changelog
index 0f573f8..a0781c0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+wordpress (3.6.1+dfsg-1~deb7u5) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Backport patches for 3.7.4->3.7.5 Closes: #770425
+ * The patches fix the following security bugs:
+ - CVE-2014-9031 XSS in wptexturize() via comments or posts
+ - CVE-2014-9033 CSRF in the password reset process
+ - CVE-2014-9034 Denial of service for giant passwords
+ - CVE-2014-9035 XSS in Press This
+ - CVE-2014-9036 XSS in HTML filtering of CSS in posts
+ - CVE-2014-9037 Hash comparison vulnerability in old passwords
+ - CVE-2014-9038 SSRF: Safe HTTP requests did not sufficiently block
+ the loopback IP address space
+ - CVE-2014-9039 Email address change didn't invalidate previously sent
+ password reset
+
+ -- Craig Small <csm...@debian.org> Wed, 03 Dec 2014 17:49:41 +1100
+
wordpress (3.6.1+dfsg-1~deb7u4) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
