Your message dated Wed, 9 Apr 2014 23:14:34 +1000 with message-id <20140409131434.gb32...@enc.com.au> and subject line Re: Bug#744018: Wordpress 3.8.2 fixes two vulnerabilities [CVE-2014-0165 CVE-2014-0166] has caused the Debian Bug report #744018, regarding Wordpress 3.8.2 fixes two vulnerabilities [CVE-2014-0165 CVE-2014-0166] to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 744018: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744018 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: wordpress Severity: serious Tags: security fixed-upstream patch Hi, Wordpress 3.8.2 was released which fixes two security issues and several more bugs. http://wordpress.org/news/2014/04/wordpress-3-8-2/ CVE-2014-0165 Wordpress privilege escalation: prevent contributors from publishing posts CVE-2014-0166 Wordpress potential authentication cookie forgery Can you see to it that this is fixed in unstable? I'm not sure if these vulnerabilities warrant an update to stable on their own, can you advise? Thanks, Thijssignature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---Package: wordpress Version: 3.8.2+dfsg-1 The changelog had the wrong bug number in it. New upstream release Fixes CVE-2014-0165, CVE-2014-0166 and Closes: #744018 Can't believe I typoed that. -- Craig Small (@smallsees) http://enc.com.au/ csmall at : enc.com.au Debian GNU/Linux http://www.debian.org/ csmall at : debian.org GPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5
--- End Message ---