Re: [Mageia-dev] Freeze push: wordpress 3.5.1
> To: mageia-dev@mageia.org > From: luigiwal...@yahoo.com > Date: Fri, 25 Jan 2013 17:00:29 + > Subject: Re: [Mageia-dev] Freeze push: wordpress 3.5.1 > > FundaWang writes: >> Could wordpress 3.5.1 be pushed? It addresses the following security issues: > > Do they affect Mageia 2? I think yes, but I'm very confused about wordpress's development. They do have branches/3.4 in their repository, and they do update it, but there won't be any releases from that branch if new branch be created.
Re: [Mageia-dev] Freeze push: wordpress 3.5.1
FundaWang writes: > Could wordpress 3.5.1 be pushed? It addresses the following security issues: Do they affect Mageia 2?
Re: [Mageia-dev] Freeze push: wordpress 3.5.1
Le 25/01/2013 06:07, FundaWang a écrit : > Hello, > Could wordpress 3.5.1 be pushed? It addresses the following security issues: > * A server-side request forgery vulnerability and remote port scanning using > pingbacks. This vulnerability, which could potentially be used to expose > information and compromise a site, affects all previous WordPress versions. > This was fixed by the WordPress security team. We’d like to thank security > researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work. > * Two instances of cross-site scripting via shortcodes and post content. > These issues were discovered by Jon Cave of the WordPress security team. > * A cross-site scripting vulnerability in the external library Plupload. > Thanks to the Moxiecode team for working with us on this, and for releasing > Plupload 1.5.5 to address this issue. > Regards. Done -- Anne http://mageia.org
[Mageia-dev] Freeze push: wordpress 3.5.1
Hello, Could wordpress 3.5.1 be pushed? It addresses the following security issues: * A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work. * Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team. * A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue. Regards.
Re: [Mageia-dev] Freeze push: wordpress
Damien Lallement skrev 11.5.2012 16:28: Please submit wordpress, we need this update in order not to break upgrade from 1 (same mkrel but subrel...). This update fix this and add the good requires and fix the README.urpmi for the good path of the configuration file. Thanks! Sumbitted. -- Thomas
[Mageia-dev] Freeze push: wordpress
Please submit wordpress, we need this update in order not to break upgrade from 1 (same mkrel but subrel...). This update fix this and add the good requires and fix the README.urpmi for the good path of the configuration file. Thanks! -- Damien Lallement twitter: damsweb - IRC: damsweb/coincoin
Re: [Mageia-dev] Freeze push: wordpress
22.04.2012 05:28, Funda Wang skrev: > Hello, > > Could somebody push wordpress 3.3.2 into cauldron? It fixes > CVE-2012-2399, CVE-2012-240[0-4]. > > Thanks. Pushed. -- Thomas