Your message dated Fri, 05 Feb 2016 10:24:12 +0000
with message-id <[email protected]>
and subject line Bug#813697: fixed in wordpress 4.4.2+dfsg-1
has caused the Debian Bug report #813697,
regarding wordpress: New version available: 4.4.2 (CVE-2016-2221 CVE-2016-2222)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
813697: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813697
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wordpress
Version: 4.4.1+dfsg-1
Severity: important
Dear Maintainer,
Version 4.4.2 was released two days ago, with the following security fixes:
* #36435 HTTP: 0.1.2.3 is not a valid IP.
* #36444 Better validation of the URL used in HTTP redirects.
Please consider packaging and uploading this fixed version to unstable.
Thanks.
-- System Information:
Debian Release: 8.1
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 4.3.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 4.4.2+dfsg-1
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 05 Feb 2016 20:34:42 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen
wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen
Architecture: source all
Version: 4.4.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 813697
Changes:
wordpress (4.4.2+dfsg-1) unstable; urgency=medium
.
* New upstream release Closes: #813697
* Fixes open redirection attack CVE-2016-2221
* Fixes possible SSRF for local URIs CVE-2016-2222
Checksums-Sha1:
7e44b48ffeb7462bde98e12ae16fa52cf0b8294b 2517 wordpress_4.4.2+dfsg-1.dsc
ed7bbd55a01fa948d79e70054cca635803842fac 5457748
wordpress_4.4.2+dfsg.orig.tar.xz
b0a833ddc7c4ff4ab2683563ddee5c0db8517ff7 6054556
wordpress_4.4.2+dfsg-1.debian.tar.xz
1f5104e83dc51ec2f07e28b95562064193732969 4364548
wordpress-l10n_4.4.2+dfsg-1_all.deb
8355fe0bfb05ccf28a47de8b9a60c770e2785298 502588
wordpress-theme-twentyfifteen_4.4.2+dfsg-1_all.deb
32b753c15763ef01e49601e3c5cbac0caed8d2ca 804004
wordpress-theme-twentyfourteen_4.4.2+dfsg-1_all.deb
2b725ea28463daf78bea09ceb5ef5deb313d30eb 587798
wordpress-theme-twentysixteen_4.4.2+dfsg-1_all.deb
76e7741a51ba7f40990ef76278042e47ae1ab671 3543304 wordpress_4.4.2+dfsg-1_all.deb
Checksums-Sha256:
426155d0b502004aeedbcf96c2bb026a63e93667cd6f0d3aa5dd351004c9c29a 2517
wordpress_4.4.2+dfsg-1.dsc
cc7271f00fd351eb752afaf28ba59da7e536d873fd79ab3e00e0fc1663230360 5457748
wordpress_4.4.2+dfsg.orig.tar.xz
ff45d83fa89ee3462ce3bb7b3221a79ec9d8afd24069b1c1762c3a7045da9f87 6054556
wordpress_4.4.2+dfsg-1.debian.tar.xz
280e404f3fb8dae551389c1ead196d186d395de513c98605d213ec226ccf1345 4364548
wordpress-l10n_4.4.2+dfsg-1_all.deb
bd1cfe1403b1bf492cbd55640fcdbf9d33818414ef66a73a1ac9ab425c9038de 502588
wordpress-theme-twentyfifteen_4.4.2+dfsg-1_all.deb
cddda245df0081b28ea5cd74f055bdda5cb91c9bd8b2e53291c12237c943de5d 804004
wordpress-theme-twentyfourteen_4.4.2+dfsg-1_all.deb
2de32323cfd5f9cbff8659d15f9a5292ab35bb66b8d766b1ee292136887c6eab 587798
wordpress-theme-twentysixteen_4.4.2+dfsg-1_all.deb
6d2ef83738398bca029f8ad8170cc040afa30da33946896295066bc9d571294d 3543304
wordpress_4.4.2+dfsg-1_all.deb
Files:
1c8ca1ab5293d7de68b7f458b58ab90b 2517 web optional wordpress_4.4.2+dfsg-1.dsc
95daa6fc3c1e7773fa1b7e47876b1442 5457748 web optional
wordpress_4.4.2+dfsg.orig.tar.xz
24cb005f0f0c923cc0ed74e06b21ef63 6054556 web optional
wordpress_4.4.2+dfsg-1.debian.tar.xz
834f4e8c9f6346b214f0d1f47226dded 4364548 localization optional
wordpress-l10n_4.4.2+dfsg-1_all.deb
2d1d053fcdccbb52671c20f893ffa475 502588 web optional
wordpress-theme-twentyfifteen_4.4.2+dfsg-1_all.deb
37730d693f467fe71eee6a00d64ef8b9 804004 web optional
wordpress-theme-twentyfourteen_4.4.2+dfsg-1_all.deb
ef4cf098bfd6bda8af525b88215bb7c4 587798 web optional
wordpress-theme-twentysixteen_4.4.2+dfsg-1_all.deb
57beb1834fe7e2edcd06b07772967e08 3543304 web optional
wordpress_4.4.2+dfsg-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWtG4+AAoJEAIhZsD/PITjhn4QAJ4mrIp0lxE7SnVVvcMfJ/hX
eSHMizy+V9xKofJljtgkGeSY3x18bYodHHgeqjUYXOcuDADl60OIqNoQ9JJL/fRo
edhAL/lUj/FJuV3Lij3E7TqruK13cRK7kvRz1kX5Q3xUZ71mt0ZaNxDeCITMCShw
KKUeZ88/6Ng2O03agnJSUM6B2JsL8/6xVOGQ8Vrh+HmxtYkUW43yxmXhuCXBYYS1
21IwVc6IJDxgjm/dKv+5498aPsw6QI2zUeqQfcVrbafdQ4/menFPcxOnmDI1VSUE
E3SN4Py2ExtiFt6uBg/zQ3npuKvmdMZDrA/vrhCslGjq7luBCqx5SaiLrHTU44GM
cqiakuJgLUznf2LkivAd5kynJgvZc1n42wHJEbLGQ4gWRNcQjHbsupwIA2lTRUE5
hBY+RthWubz3Aumrn59Aj19qKeZcqDEmYFtdMKRXpS0xQ2XWTRfvcgAaA5LIIXpB
fULsrG76l6cPx6aWd2LWHElCdGK1bb5Nz4Qso12mR12ledC+Z92R961oVec7kTff
MruLGC679bczHN6ANmvdJxyxk7nA1CoH1kULMekhJqmyCELvRRG2osDxa0V08wzr
lLIT+icc4caTJQIpWexiBYZuThnlYIF99r0a01ITrpnT1go3h5nfJoXJ4tX9gb3C
eze1idLouzXCFbayBe1Y
=LYrn
-----END PGP SIGNATURE-----
--- End Message ---
