Bug#670124: marked as done (wordpress: Security fixes in version 3.3.2)

Mon, 23 Apr 2012 16:21:20 -0700 

Your message dated Mon, 23 Apr 2012 23:18:36 +0000
with message-id <[email protected]>
and subject line Bug#670124: fixed in wordpress 3.3.2+dfsg-1
has caused the Debian Bug report #670124,
regarding wordpress: Security fixes in version 3.3.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
670124: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670124
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: wordpress
Version: 3.3.1+dfsg-1
Severity: important
Tags: security

Page http://codex.wordpress.org/Version_3.3.2 says:

Three external libraries included in WordPress received security updates:

Plupload (version 1.5.4), which WordPress uses for uploading media.
SWFUpload, which WordPress previously used for uploading media, and may still 
be in use by plugins.
SWFObject, which WordPress previously used to embed Flash content, and may 
still be in use by plugins and themes.

WordPress 3.3.2 also addresses:

Limited privilege escalation where a site administrator could deactivate 
network-wide plugins when running a WordPress network under particular 
circumstances.
Cross-site scripting vulnerability when making URLs clickable.
Cross-site scripting vulnerabilities in redirects after posting comments in 
older browsers, and when filtering URLs.

A full log of the changes made for 3.3.2 can be found at 
http://core.trac.wordpress.org/changeset?new=20554%40branches%2F3.3&old=20087%40branches%2F3.3

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages wordpress depends on:
ii  apache2                2.2.16-6+squeeze7 Apache HTTP Server metapackage
ii  apache2-mpm-prefork [h 2.2.16-6+squeeze7 Apache HTTP Server - traditional n
ii  libapache2-mod-php5    5.3.3-7+squeeze8  server-side, HTML-embedded scripti
pn  libjs-cropper          <none>            (no description available)
ii  libjs-jquery           1.4.2-2           JavaScript library for dynamic web
pn  libjs-prototype        <none>            (no description available)
pn  libjs-scriptaculous    <none>            (no description available)
pn  libphp-phpmailer       <none>            (no description available)
pn  libphp-snoopy          <none>            (no description available)
pn  mysql-client           <none>            (no description available)
pn  php-gettext            <none>            (no description available)
ii  php5                   5.3.3-7+squeeze8  server-side, HTML-embedded scripti
ii  php5-gd                5.3.3-7+squeeze8  GD module for php5
ii  php5-mysql             5.3.3-7+squeeze8  MySQL module for php5
pn  tinymce                <none>            (no description available)

Versions of packages wordpress recommends:
pn  wordpress-l10n                <none>     (no description available)

Versions of packages wordpress suggests:
pn  mysql-server                  <none>     (no description available)

--- End Message ---
--- Begin Message --- 
Source: wordpress
Source-Version: 3.3.2+dfsg-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:

wordpress-l10n_3.3.2+dfsg-1_all.deb
  to main/w/wordpress/wordpress-l10n_3.3.2+dfsg-1_all.deb
wordpress_3.3.2+dfsg-1.debian.tar.xz
  to main/w/wordpress/wordpress_3.3.2+dfsg-1.debian.tar.xz
wordpress_3.3.2+dfsg-1.dsc
  to main/w/wordpress/wordpress_3.3.2+dfsg-1.dsc
wordpress_3.3.2+dfsg-1_all.deb
  to main/w/wordpress/wordpress_3.3.2+dfsg-1_all.deb
wordpress_3.3.2+dfsg.orig.tar.gz
  to main/w/wordpress/wordpress_3.3.2+dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphaël Hertzog <[email protected]> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 24 Apr 2012 00:31:42 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.3.2+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Giuseppe Iuculano <[email protected]>
Changed-By: Raphaël Hertzog <[email protected]>
Description: 
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 670124
Changes: 
 wordpress (3.3.2+dfsg-1) unstable; urgency=high
 .
   * New upstream security release. Closes: #670124
   * Use the embedded copy of SimplePie until #669054 is resolved.
Checksums-Sha1: 
 dfe2bd11ae070419fa2a3076fb246ec80d5033a1 2271 wordpress_3.3.2+dfsg-1.dsc
 d325c755b07bce3392a25d765f3b871388abaa49 3895574 
wordpress_3.3.2+dfsg.orig.tar.gz
 20ba91d353b2bd06ab1d62615c999a10312ac7a5 14083412 
wordpress_3.3.2+dfsg-1.debian.tar.xz
 de6fc0804ddf54f73484e7b2ae3c07ca1ac95e9b 3691810 wordpress_3.3.2+dfsg-1_all.deb
 4bcc876687075cc4313cbb5e1e740c57da67b9bc 6536884 
wordpress-l10n_3.3.2+dfsg-1_all.deb
Checksums-Sha256: 
 954d50d97afa5e175c6d4fd9c94c0c934f83080254db004c015bb6439377ba48 2271 
wordpress_3.3.2+dfsg-1.dsc
 c857c2a0f18bd91812449c118ac34a72d533eb26259e8fed400582b3c6dee50c 3895574 
wordpress_3.3.2+dfsg.orig.tar.gz
 f4bb585f9f2db8418c18464ea1362447923c33e1eeab016b4f5ab2f2c95222a0 14083412 
wordpress_3.3.2+dfsg-1.debian.tar.xz
 390e1c779e085a0f9e69fda336eeeddaddce3f490b2df6e6404e5ff48fd8dd97 3691810 
wordpress_3.3.2+dfsg-1_all.deb
 be84fa06e54f31ffed583ee70b2f1a3aacd9cacfb63466d899e4867b3495ede8 6536884 
wordpress-l10n_3.3.2+dfsg-1_all.deb
Files: 
 de3b2e6ad2d6f0bf621d41b5c0129bf0 2271 web optional wordpress_3.3.2+dfsg-1.dsc
 864d30098b681a1d0d9c56b5b36ac2f0 3895574 web optional 
wordpress_3.3.2+dfsg.orig.tar.gz
 ffb564bf8f92e3d93a869ac80459a8ed 14083412 web optional 
wordpress_3.3.2+dfsg-1.debian.tar.xz
 f4c363ba1ba18bfa5a5ee5079ef2cb64 3691810 web optional 
wordpress_3.3.2+dfsg-1_all.deb
 bb058493001a6a25010fd220d3cb193b 6536884 localization optional 
wordpress-l10n_3.3.2+dfsg-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Signed by Raphael Hertzog

iQIcBAEBCAAGBQJPldnrAAoJEOYZBF3yrHKa9GgQALsDpA/1Wyw19tPw2TRHOe6z
ZKZArJIEo9HuIZuKcA1+QHlBWLzJAUqawVkp+Ta2NNOLMmWd45DbkTz0MMCos6KZ
51xSFLBMjwfV/GEHOD9CXPEV5jJt6wOkE9FSAfOjfmXKf5hMcawMMKi1fG+ETrTl
DrP70RswKym/v/EmiNJzDEwnpMi5bbMCLPHsYAQjheqqzvy9SbgBBkPyEixOirtJ
42DAcRfyPhncuxXXnYNRuDdVNlTUYegSl1WUaHRtWxPsyZ7QQF46yc6D7lyoQdhT
lMuoZIn4O6CVXRHLMS2P8uoKsa6B9wdp2fOsYn75Tfarc0X/pRdaPQLc1Bpcapff
cxi0WAsArv8fHFwT0hSTyGCCjFiRdxtXMklHro0g0BOG3qkOpa4/SCB7Wtd2VGZi
aiTXnSW5knxSjTayCU32PYkqQd19TWof06tflhwrx2fWVPYs7c85WIYa7QiJ6h4f
h5lhIBgeEdSW1bf1LlqOJpZNe4KvbX3eNMz3++a+FTK6hwiNsJi6y7aZNhaErQH/
Mjuiq9TAczztUwrUCHfvgnabcEdFC7uRSE0rnt3qhqDA2gHiALmFQhXlX/5pck5B
2bzNBT8L03ufYH1O/lVVVsgp4hS1acbLmXYtP6Pj2S8QN8AW4r3MYpUpZBjR60QD
JypO4oikpJtnLdNVDqFz
=PSt3
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to