Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: opu

Hi,

I prepared an upload to fix a minor security issue in wordpress in oldstable.
Debdiff attached.

Cheers,
Giuseppe.

diff -u wordpress-2.0.10/debian/changelog wordpress-2.0.10/debian/changelog --- wordpress-2.0.10/debian/changelog +++ wordpress-2.0.10/debian/changelog @@ -1,3 +1,10 @@ +wordpress (2.0.10-1etch6) oldstable; urgency=low + + * [1eba647] Fixed CVE-2009-3622: Strip commas and spaces from charset + in wp-trackback.php + + -- Giuseppe Iuculano <iucul...@debian.org> Sun, 07 Feb 2010 12:50:52 +0100 + wordpress (2.0.10-1etch5) oldstable-security; urgency=high * [8c26085] Backported absint() function and fixed a regression in diff -u wordpress-2.0.10/debian/patches/00list wordpress-2.0.10/debian/patches/00list --- wordpress-2.0.10/debian/patches/00list +++ wordpress-2.0.10/debian/patches/00list @@ -19,0 +20 @@ +020CVE-2009-3622 only in patch2: unchanged: --- wordpress-2.0.10.orig/debian/patches/020CVE-2009-3622.dpatch +++ wordpress-2.0.10/debian/patches/020CVE-2009-3622.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 020CVE-2009-3622.dpatch by Giuseppe Iuculano <iucul...@debian.org> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fixed CVE-2009-3622: Strip commas and spaces from charset in wp-trackback.php + +...@dpatch@ +diff -urNad wordpress~/wp-trackback.php wordpress/wp-trackback.php +--- wordpress~/wp-trackback.php 2009-12-03 11:39:41.000000000 +0100 ++++ wordpress/wp-trackback.php 2009-12-03 11:49:56.000000000 +0100 +@@ -39,7 +39,7 @@ + $blog_name = stripslashes($_POST['blog_name']); + + if ($charset) +- $charset = strtoupper( trim($charset) ); ++ $charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) ); + else + $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS'; +
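
Review bot: in the wp-trackback.php hunk the stripping happens inside the "if ($charset)" branch, so a charset value made up only of commas and spaces passes that test, is reduced to an empty string, and never reaches the else branch that sets the default list. Consider applying str_replace() before the if, or re-checking for an empty result after it. The filter also removes only ',' and ' ': trim() handles other whitespace only at the ends of the string, so a tab or newline inside the value survives; comparing the value against a short list of accepted encoding names would be stricter than deleting two characters. The "## DP:" line repeats the changelog text; if the change was taken from an upstream commit, a reference to it there would make the backport easier to check.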