Your message dated Wed, 9 Apr 2014 23:14:34 +1000
with message-id <20140409131434.gb32...@enc.com.au>
and subject line Re: Bug#744018: Wordpress 3.8.2 fixes two vulnerabilities
[CVE-2014-0165 CVE-2014-0166]
has caused the Debian Bug report #744018,
regarding Wordpress 3.8.2 fixes two vulnerabilities [CVE-2014-0165
CVE-2014-0166]
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
744018: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744018
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wordpress
Severity: serious
Tags: security fixed-upstream patch
Hi,
Wordpress 3.8.2 was released which fixes two security issues and several more
bugs.
http://wordpress.org/news/2014/04/wordpress-3-8-2/
CVE-2014-0165
Wordpress privilege escalation: prevent contributors from publishing posts
CVE-2014-0166
Wordpress potential authentication cookie forgery
Can you see to it that this is fixed in unstable? I'm not sure if these
vulnerabilities warrant an update to stable on their own, can you advise?
Thanks,
Thijs
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Package: wordpress
Version: 3.8.2+dfsg-1
The changelog had the wrong bug number in it.
New upstream release Fixes CVE-2014-0165, CVE-2014-0166
and Closes: #744018
Can't believe I typoed that.
--
Craig Small (@smallsees) http://enc.com.au/ csmall at : enc.com.au
Debian GNU/Linux http://www.debian.org/ csmall at : debian.org
GPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5
--- End Message ---
