*** This bug is a security vulnerability *** Public security bug reported:
WordPress only maintains a single stable release (like Google Chrome) and doesn't backport bug fixes or security fixes to old releases. Debian has recently released WordPress 3.5.2, the latest security update, to both Debian Wheezy and Squeeze. Since we're in sync with Debian, we should just backport their packages. 3.5.2+dfsg-1~deb7u1 to quantal and raring 3.5.2+dfsg-1~deb6u1 to precise (the deb7 package needs newer packages than are available for precise) Build logs at https://launchpad.net/~jbicha/+archive/dev/+packages ** Affects: wordpress (Ubuntu) Importance: High Status: New ** Affects: wordpress (Ubuntu Precise) Importance: High Status: New ** Affects: wordpress (Ubuntu Quantal) Importance: High Status: New ** Affects: wordpress (Ubuntu Raring) Importance: High Status: New ** Affects: wordpress (Debian) Importance: Unknown Status: Unknown ** Tags: precise quantal raring upgrade-software-version ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2204 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2205 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2199 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2200 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2201 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2202 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2203 ** Also affects: wordpress (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: wordpress (Ubuntu Quantal) Importance: Undecided Status: New ** Also affects: wordpress (Ubuntu Raring) Importance: Undecided Status: New ** Changed in: wordpress (Ubuntu Precise) Importance: Undecided => High ** Changed in: wordpress (Ubuntu Quantal) Importance: Undecided => High ** Changed in: wordpress (Ubuntu Raring) Importance: Undecided => High ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0235 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0236 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0237 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2173 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-4448 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2401 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2400 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2399 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2402 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2403 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3383 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3384 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3385 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3414 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3415 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-4421 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-4422 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2404 ** Bug watch added: Debian Bug tracker #713947 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947 ** Also affects: wordpress (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1221040 Title: Please update wordpress to 3.5.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/1221040/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
