Your message dated Tue, 6 May 2025 21:59:06 +0200
with message-id <[email protected]>
and subject line Re: Accepted wordpress 6.8.1+dfsg1-1 (source) into unstable
has caused the Debian Bug report #880868,
regarding wordpress: CVE-2012-6707
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
880868: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880868
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wordpress
Version: 4.8.3+dfsg-1
Severity: normal
Tags: security upstream
Forwarded: https://core.trac.wordpress.org/ticket/21022
Control: found -1 4.1+dfsg-1
Hi,
the following vulnerability was published for wordpress, this
bugreport is mainly just to track the upstream report. A patch has
been posted several months ago on that upstream bugreport at [1]/
CVE-2012-6707[0]:
| WordPress through 4.8.2 uses a weak MD5-based password hashing
| algorithm, which makes it easier for attackers to determine cleartext
| values by leveraging access to the hash values. NOTE: the approach to
| changing this may not be fully compatible with certain use cases, such
| as migration of a WordPress site from a web host that uses a recent PHP
| version to a different web host that uses PHP 5.2. These use cases are
| plausible (but very unlikely) based on statistics showing widespread
| deployment of WordPress with obsolete PHP versions.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2012-6707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6707
[1] https://core.trac.wordpress.org/ticket/21022
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 6.8.1+dfsg1-1
Finally done :)
On Tue, May 06, 2025 at 09:50:26AM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Tue, 06 May 2025 19:31:29 +1000
> Source: wordpress
> Architecture: source
> Version: 6.8.1+dfsg1-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Craig Small <[email protected]>
> Changed-By: Craig Small <[email protected]>
> Changes:
> wordpress (6.8.1+dfsg1-1) unstable; urgency=medium
> .
> * New upstream source
> Checksums-Sha1:
> fbade505f231cc76d8be244d4b2cf88b3172da6a 2422 wordpress_6.8.1+dfsg1-1.dsc
> c03e86b6a11346190a6348e3276a7e992a33b90e 22351952
> wordpress_6.8.1+dfsg1.orig.tar.xz
> 94fb0bd99acfb8b6002c2fe645fef11418982e63 6913148
> wordpress_6.8.1+dfsg1-1.debian.tar.xz
> 01cd52a51b6065227a79780e64f209cddbaa89c4 7600
> wordpress_6.8.1+dfsg1-1_amd64.buildinfo
> Checksums-Sha256:
> 7e6c7d9fc57a89bffd40a2887792a926fbec0422696b2a3bf3ef536313414abc 2422
> wordpress_6.8.1+dfsg1-1.dsc
> 5cef693ffed4ad102c9012a0dc1112058401f7c447bde9384e05b7f9fcc68249 22351952
> wordpress_6.8.1+dfsg1.orig.tar.xz
> 3aa4fb10cd8afd76284d2f4d3aec727446f9d1861787a8c0dd4b938fdda7840e 6913148
> wordpress_6.8.1+dfsg1-1.debian.tar.xz
> 32e3010695e292539db88f181da4bfff68d14c9e21afaf1d88575632ba53a122 7600
> wordpress_6.8.1+dfsg1-1_amd64.buildinfo
> Files:
> c180d0512ec1b568a5a260e9833fbed1 2422 web optional
> wordpress_6.8.1+dfsg1-1.dsc
> 6931a2837760eb5b61f27302c7ed3db8 22351952 web optional
> wordpress_6.8.1+dfsg1.orig.tar.xz
> 33d7a3edc6a4eba7432b2ee2abcc8fdf 6913148 web optional
> wordpress_6.8.1+dfsg1-1.debian.tar.xz
> 0282ce021b3c8c5a04d7cd69c3b0f10a 7600 web optional
> wordpress_6.8.1+dfsg1-1_amd64.buildinfo
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCgAdFiEEXT3w9TizJ8CqeneiAiFmwP88hOMFAmgZ128ACgkQAiFmwP88
> hOMFDw//fdZGQdk6N0KffRFnIX85KGN1vEw/EbmoVoAFh47kZzBNVWMQFiXuQTHE
> rjEIPNzYXu9+ogwitB4RVOWSFrL4MvtTSbvOo2Vkkh5NOR/jmFa25Rtl6GkNTBbb
> /IhY34jkOs3LgtwenoB2mFhgc8kY6YJHX9J7GtFPn7+oJcO8D1RQ1Jiozgg2GykP
> Hhvz6n5X46PJ0jrdp3irdEnrmA+n5pmteizLchO4sLeG2tjgZYpyxwucy1SQO3q6
> Wkabgmq16Fw9/J5NSlmpQPadRbrbmyuQRFUL5d+Xytmcop+ojHsSC6JoziLBVhK+
> p8V3+QHLEd8U+hxR0K5uHj1yf9AL3/qNCuhBoXFuiatbF21pn1FS23rfskyRmq0O
> H2fC448N6wRJF/kLaOyFvjlXSTmx2O+7vJp2oOVVnTUA+W2QWuRBMlBM7HRZzuun
> pVMdYqdX9NnJ7qxVLSS7EOOBvtmsohhLyu3qTsicRaX+I2E61HhtSjU9GWMvk8lU
> ztJF3GIgFncoT7QLtTC6XWfUQW7FrkLNp1/4k5i4PI/bp1xy8oEc9myb8Wr5x9/S
> aZqJkKMrA6Zv13e1TIuot/FE0FVcKm9r+EAfd3vwtWeyddBpAaliK5+L1zL0MxbQ
> GfS5mnrnoYB+tQ5TMo+/MKTHaVLx2WU9Eu9Nm0Reevc9l0nRmKg=
> =1hd7
> -----END PGP SIGNATURE-----
--- End Message ---