Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I prepared an upload to fix a minor security issue in wordpress. Debdiff attached.

Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktuqGYACgkQNxpp46476arliQCgnASlYiS3suRzVWaorpKCPwKD
gtoAoJetoPnqqeSfvakm0tGrl2c++Oul
=Uaka
-----END PGP SIGNATURE-----
diff -u wordpress-2.5.1/debian/changelog wordpress-2.5.1/debian/changelog --- wordpress-2.5.1/debian/changelog +++ wordpress-2.5.1/debian/changelog @@ -1,3 +1,9 @@ +wordpress (2.5.1-11+lenny3) stable; urgency=low + + * [3c05401] Fixed CVE-2009-3622: Strip commas and spaces from charset. + + -- Giuseppe Iuculano <iucul...@debian.org> Sun, 07 Feb 2010 12:27:14 +0100 + wordpress (2.5.1-11+lenny2) stable; urgency=low * [1dd14e6] Fixed a bug in the password reset procedure, users are now diff -u wordpress-2.5.1/debian/patches/00list wordpress-2.5.1/debian/patches/00list --- wordpress-2.5.1/debian/patches/00list +++ wordpress-2.5.1/debian/patches/00list @@ -17,0 +18 @@ +018CVE-2009-3622 only in patch2: unchanged: --- wordpress-2.5.1.orig/debian/patches/018CVE-2009-3622.dpatch +++ wordpress-2.5.1/debian/patches/018CVE-2009-3622.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 018CVE-2009-3622.dpatch by Giuseppe Iuculano <iucul...@debian.org> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fixed CVE-2009-3622: Strip commas and spaces from charset. + +...@dpatch@ +diff -urNad wordpress~/wp-trackback.php wordpress/wp-trackback.php +--- wordpress~/wp-trackback.php 2009-12-03 23:05:28.000000000 +0100 ++++ wordpress/wp-trackback.php 2009-12-03 23:09:00.000000000 +0100 +@@ -39,7 +39,7 @@ + $blog_name = stripslashes($_POST['blog_name']); + + if ($charset) +- $charset = strtoupper( trim($charset) ); ++ $charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) ); + else + $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS'; +
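Review bot: the new changelog stanza for wordpress (2.5.1-11+lenny3) names the CVE but neither the patch file that carries the fix nor the impact being fixed; consider extending the line "Fixed CVE-2009-3622: Strip commas and spaces from charset." with a reference to debian/patches/018CVE-2009-3622.dpatch and a short statement of what the issue is (the cover mail only calls it a minor security issue), so the stable release team can map the entry to the 00list addition and judge the update without reading the whole debdiff.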
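Review bot: the new line "$charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );" in the wp-trackback.php hunk removes only the two delimiters that would turn a caller-supplied charset into a list, and leaves every other character of the value intact; a stricter fix would validate $charset against an allow-list of encoding names (or at minimum reject anything outside letters, digits, '-' and '_') and fall through to the default branch otherwise, so unexpected input is refused rather than partially cleaned. The hunk does not show where $charset is consumed afterwards, so whether stripping alone is sufficient cannot be confirmed from the diff; the "## DP:" description should say which call this protects. Separately, the line that should hold the literal @DPATCH@ marker appears in this copy as "...@dpatch@"; please confirm the file in the upload contains the exact marker line the dpatch template expects.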