Accepted wordpress 4.3.1+dfsg-1~bpo8+1 (source all) into jessie-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 18 Sep 2015 16:24:12 -0300
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.3.1+dfsg-1~bpo8+1
Distribution: jessie-backports
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Rodrigo Campos <rodrigo@sdfg.com.ar>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 230034 237137 250812 251653 255121 275814 276112 287086 288613 298563 298571 300200 300757 312721 319007 320462 323040 326685 328554 328909 345508 347339 348458 355055 355958 362171 363580 367001 369014 372128 379118 382283 384800 405299 405691 407116 407496 409258 413171 428073 429194 429346 430781 435289 435848 440572 447492 459305 461584 461617 464170 473451 475284 477910 478257 478515 485807 490977 496240 497216 497524 500115 500295 500296 501507 504242 506685 507356 507981 511312 514447 514845 517969 531736 533387 536724 537146 539411 541102 541199 541371 544473 549436 551380 551841 555729 556902 561832 566224 575985 585784 586764 590859 591195 592502 602732 605603 605880 606657 607240 613283 616400 623557 625773 639733 639980 646729 652041 658395 658508 670124 675469 677534 677889 678842 680721 684628 686228 693122 697208 698916 700289 713947 722537 722552 723074 723819 732914 733726 736514 736688 736804 744018 748965 757312 762523 770425 772205 772862 773075 773079 783
333 783334 783554 784603 784689 786427 794560 798350 799140
Changes:
wordpress (4.3.1+dfsg-1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
.
wordpress (4.3.1+dfsg-1) unstable; urgency=medium
.
* New upstream release
* Fixes CVE-2015-5714 CVE-2015-5715 Closes: #799140
.
wordpress (4.3+dfsg-2) unstable; urgency=medium
.
* Backport changeset 33646 to fix cron entries Closes: #798350
.
wordpress (4.3+dfsg-1) unstable; urgency=medium
.
* New upstream release
* Adjusted some wp-content directories
* Added symlink for themes
.
wordpress (4.2.4+dfsg-1) unstable; urgency=high
.
* New upstream release
* Security fix for 3 XSS and a SQL injection bugs Closes: #794560
.
wordpress (4.2.3+dfsg-1) unstable; urgency=medium
.
* New upstream release
* Moved theme to Recommends Closes: #784689
* Remove reference to TODO Closes: #786427
.
wordpress (4.2.2+dfsg-1) unstable; urgency=medium
.
* New upstream release
* Fixes security bug in themes on genericons Closes: #784603
.
wordpress (4.2.1+dfsg-1) unstable; urgency=high
.
* New Security release Closes: #783554
* Patches another XSS due to field length
.
wordpress (4.2+dfsg-1) unstable; urgency=high
.
* New upstream release
* Fixes security bugs:
- XSS vulnerability
- files with invalid or unsafe names could be added
- another limited XSS
- some plugins vulnerable to SQL injection
* README.debian: Added permission note for config file Closes: #773079
* Added php5-ssh2 to suggests Closes: 783333
* Added nginx/php5-fpm example Closes: #783334
.
wordpress (4.1.1+dfsg-1) unstable; urgency=medium
.
* New upstream release
.
wordpress (4.1+dfsg-1) unstable; urgency=medium
.
* New upstream release
* Changed trigger to noawait Closes: #772862
* Updated apache example Closes: #773075
* Updated to standards 3.9.6
* Added getid3 and mediaelement to linktree Closes: #762523
* Removed two unbuildable mediaelement files
.
wordpress (4.0.1+dfsg-2) unstable; urgency=medium
.
* Fixed i18n updates
* twentyfourteen theme has translations Closes: #772205
.
wordpress (4.0.1+dfsg-1) unstable; urgency=high
.
* New upstream release
* Fixes several security bugs Closes: #770425
- Three cross-site scripting issues that a contributor or
author could use to compromise a site.
- A cross-site request forgery that could be used to trick a
user into changing their password.
- An issue that could lead to a denial of service when
passwords are checked.
- Additional protections for server-side request forgery
attacks when WordPress makes HTTP requests.
- An extremely unlikely hash collision could allow a user’s
account to be compromised, that also required that they
haven’t logged in since 2008.
- WordPress now invalidates the links in a password reset email
if the user remembers their password, logs in, and changes
their email address.
.
wordpress (4.0+dfsg-1) unstable; urgency=medium
.
* New upstream release
.
wordpress (3.9.2+dfsg-1) unstable; urgency=high
.
* New Upstream release
* Fixes XML Security bug Closes: #757312
.
wordpress (3.9.1+dfsg-1) unstable; urgency=medium
.
* New upstream release
* Use system CA certificate file Closes: #748965
.
wordpress (3.9+dfsg-1) unstable; urgency=medium
.
* New upstream release
* 3.9 seems to handle different locations for plugins so the
plugin directory handling patches have been cut back.
.
wordpress (3.8.3+dfsg-1) unstable; urgency=medium
.
* New upstream release - fixes Quick Draft tool that broke in 3.8.2
.
wordpress (3.8.2+dfsg-1) unstable; urgency=high
.
* New upstream release Fixes CVE-2014-0165, CVE-2014-0166
and Closes: #744018
.
wordpress (3.8.1+dfsg1-2) unstable; urgency=medium
.
* Updated copyright file Closes: #736514
.
wordpress (3.8.1+dfsg1-1) unstable; urgency=medium
.
* Added Breaks/Replaces for combined wordpress Closes: #736688
* Removed moxieplayer.swf and added missing sources Closes: #736804
.
wordpress (3.8.1+dfsg-1) unstable; urgency=medium
.
* New upstream release.
* Depend on either mysql or mariadb client Closes: #732914
.
wordpress (3.8+dfsg-1) unstable; urgency=low
.
[ Pablo Vazquez Martinez ]
* Split themes in different binary packages. Closes: #723819
.
[ Craig Small ]
* New upstream release. Closes: #733726
* Update Standards-Version to 3.9.5.
* New Maintainer
.
wordpress (3.7.1+dfsg-1) unstable; urgency=low
.
* New upstream release.
* Enable usage of php5-mysqlnd as an alternative to php5-mysql.
Closes: #722552
* Improve wp-setup to cope with plugins/themes directories with
spaces. Thanks to Oskar Liljeblad <oskar@osk.mine.nu> for the patch.
Closes: #723074
* Refresh patches
.
wordpress (3.6.1+dfsg-1) unstable; urgency=high
.
* New upstream security release. Fixes CVE-2013-4338 CVE-2013-4339
CVE-2013-4340. Closes: #722537
.
wordpress (3.6+dfsg-1) unstable; urgency=low
.
* New upstream release.
* Improve wp-settings to verify that $_SERVER['HTTP_X_FORWARDED_PROTO']
exists before accessing it (avoids a PHP notice).
Thanks to Paul Dreik <slask@pauldreik.se> for the report and the patch.
* Document in README.Debian the need to login to /wp-admin/ to complete
an upgrade.
* Drop useless debian/README.source
* Drop 008CVE2008-2392.patch since upstream now disables unfiltered
uploads by default. See http://core.trac.wordpress.org/ticket/10692
* Drop 009CVE2008-6767.patch since the backto parameter is validated
against a whitelist, and externally triggered upgrades are not a
security problem as long as they work.
* Update debian/missing-sources with latest versions.
* Update upstream l10n.
.
wordpress (3.5.2+dfsg-1) unstable; urgency=low
.
* New upstream release with many security fixes. Closes: #713947
* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can
reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin.
CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.
* Additional security hardening includes:
* Cross-Site Scripting (XSS) (Low Severity) when Editing Media.
CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating
Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
* Update the Vcs-Git and Vcs-Browser URLs.
* Update Standards-Version to 3.9.4.
.
wordpress (3.5.1+dfsg-2) unstable; urgency=low
.
* Only replace tinymce files by symlinks if the content is exactly the same.
Closes: #700289
* Update debian/get-upstream-i18n to include supplementary PO files
and use a more efficient method to update them. Closes: #697208
.
wordpress (3.5.1+dfsg-1) unstable; urgency=low
.
* New upstream maintenance and security release. Closes: #698916
.
wordpress (3.5+dfsg-1) unstable; urgency=low
.
* New upstream release.
* Fix sample apache.conf so that Alias directives are in the proper order
(from the most specific to the less specific). Closes: #693122
Thanks to Jérôme Marant for the report.
* Update debian/missing-sources/ with latest upstream changes.
* Update all translations.
* Try to deduplicate (i.e. replace with symlinks) backbone.js and
underscore.js too.
* Drop debian/patches/006rss_language.patch, the rss_language option
is no longer used.
* Update/refresh all other patches on top of the new release.
* Update lintian overrides and debian/wordpress.linktrees to match the
latest changes concerning javascript libraries shipped by WordPress.
* Document the loss of the twentyten theme.
.
wordpress (3.4.2+dfsg-1) unstable; urgency=low
.
* New upstream security & bugfix release.
* Also setup languages symlink in setup-mysql. Closes: #684628
Thanks to Jun NOGATA <nogajun@gmail.com> for the analysis.
* Add new patch 011support-symlinks-for-plugins.patch grabbed
in the upstream ticket to allow plugin directories to be
symlinks (which is required for the Debian package since
we put symlinks in /var/lib/wordpress/wp-content/plugins/).
Closes: #686228
.
wordpress (3.4.1+dfsg-1) unstable; urgency=high
.
* New upstream security & bugfix release. Closes: #680721
Fixes CVE-2012-3383, CVE-2012-3384, CVE-2012-3385.
.
wordpress (3.4+dfsg-3) unstable; urgency=low
.
* [f7a1c09] Drop useless postrm.
* [d92219b] Add a prerm script calling wp-setup --purge-wp-content on
remove. Closes: #678842
* [2fbf903] Allow wp-setup to symlink files as well as directories.
* [cef928f] Let wp-setup also manage
/var/lib/wordpress/wp-content/languages/.
* [ac86408] Densify output of wp-setup.
.
wordpress (3.4+dfsg-2) unstable; urgency=low
.
* [2e63535] Merge unused debian/NEWS into debian/wordpress.NEWS so that
users are correctly informed of the latest changes.
* [e3b7b1c] Improve preinst to also move the
/usr/share/wordpress/wp-content/uploads directory to its new location in
/var/lib/wordpress/wp-content/. The package never created this directory
but many users probably created it and we need to do this to let dpkg
install the symlink that we put into place.
* [5c0a29b] Add a trigger that watches /usr/share/wordpress/wp-content.
When activated, it will execute wp-setup --sync-wp-content
which updates /var/lib/wordpress/wp-content/ with symlinks
to plugins/themes that have been added and it drops symlinks
to plugins/themes which have disappeared. (Closes: #677889)
.
wordpress (3.4+dfsg-1) unstable; urgency=low
.
* New upstream release. Closes: #677534
.
[ Raphaël Hertzog ]
* [a1c0409] Refresh and update all patches to correctly apply on version
3.4.
* [3804496] Update debian/missing-sources/ to match the current versions of
embedded javascript and flash files.
* [185b051] Drop the old "default" theme (and its French translation)
* [966ce6c] Grab latest translations
* [1983326] Update Standards-Version to 3.9.3 (no change).
* [29c48b6] Increase debhelper compat level to 9.
* [73e16d0] Replace debian/dh_linktree by the packaged version.
* [359b660] Update debian/wordpress.linktrees to match latest developments.
* [645b650] Let setup-mysql lowercase the FQDN since the configuration
scheme expects this. Thanks to Chris Butler <chrisb@debian.org> for the
report (Closes: #658395)
* [5433e90] Fix setup-mysql to avoid creating /srv/www with restricted
permissions (Closes: #616400)
* [dd2ef1d] Move back wp-config.php to /usr/share/wordpress/ since it's only
a dispatcher to the real configuration file (Closes: #592502)
* [b602372] Improve wp-config.php so that WordPress works behind an https
reverse-proxy.
* [ba0b729] Entirely update and rewrite README.debian. (Closes: #575985,
#639980)
* [683a908] Update wp-config.php to not redefine constants which have
already been set. Thanks to Richard van den Berg <richard@vdberg.org> for
the report. (Closes: #613283)
* [315eb68] Let wordpress-l10n depend on the same version than wordpress.
(Closes: #623557)
* [a6d0b9f] Default configuration now sets WP_CONTENT_DIR to
/var/lib/wordpress/wp-content. And the package provides this new directory
appropriately setup with write rights to www-data on blogs.dir and
uploads. themes and plugins are root-owned directories with symlinks
pointing back to the default themes and plugins. (Closes: #675469)
* [4db98c6] Update setup-mysql to use WP_CONTENT_DIR (and no longer use
$upload_dir). (Closes: #658508)
* [a1970da] Extend debian/wordpress.linktrees to cover swfobject.js.
* [8d46dab] Use dpkg-maintscript-helper to drop obsolete
/etc/wordpress/wp-config.php
.
[ Martin Bagge / brother ]
* [56d0a34] Improve the setup script to be able to use a remote MySQL
server.
.
wordpress (3.3.2+dfsg-1) unstable; urgency=high
.
* New upstream security release. Closes: #670124
* Use the embedded copy of SimplePie until #669054 is resolved.
.
wordpress (3.3.1+dfsg-1) unstable; urgency=low
.
* New upstream security release. Fixes CVE-2012-0287.
.
wordpress (3.3+dfsg-1) unstable; urgency=low
.
* New upstream release. Closes: #652041
* [4deb832] Add all the missing sources in debian/missing-sources/.
(Closes: #646729)
* [913eba5] Refresh all patches.
* [ae61778] Use xz compression for the debian tarball to save some space.
.
wordpress (3.2.1+dfsg-3) unstable; urgency=medium
.
* Upload with urgency medium to speed up a bit the transition to testing
since the testing version is broken.
* [72d01a3] Improve dh_linktree.
It is now able to generate dependencies and to have different behaviour
for each file to replace. Modify wordpress.linktrees to ensure we have
the very same JQuery files but blindly replaces all the other files.
Drop the explicit dependencies in favor of the autogenerated dependencies.
As a side-effect this fixes installation of widgets which was broken
by the mismatch of some JQuery ui files.
* [bbce711] Add lintian overrides for warnings about the embedded copy of JQuery.
We do a reasonable effort to replace it if it matches.
.
wordpress (3.2.1+dfsg-2) unstable; urgency=low
.
* [af74ce2] Add a preinst to drop symlinks to directories for tinymce
and cropper. The new dh_linktree only symlinks files and hierarchies are
duplicated. So we have to drop symlinks to directories in the preinst,
otherwise dpkg installs the new symlinks in the tinymce/cropper
directories instead of in the wordpress ones.
Also drop the upgrade code in the postinst converting the same directories
into symlinks... (Closes: #639733)
* [0b51c4f] Invite users affected by #639733 to reinstall
tinymce/libjs-cropper.
* [55af033] Fix invalid test in postinst (upgrade → configure)
"upgrade" is not a valid parameter in the postinst. Instead
we get "configure".
.
wordpress (3.2.1+dfsg-1) unstable; urgency=low
.
[ Paul Tagliamonte ]
* [c5e4b2c] Added a get-orig-source target to recreate the DFSG-clean
tarball. It drops all the sourceless flash files. Closes: #625773
.
[ Raphaël Hertzog ]
* [d1035bd] Imported Upstream version 3.2.1+dfsg
* [b968405] Update and refresh all patches.
* [10ab97c] Drop manifest.patch because the description in its header
doesn't make any sense.
* [87537db] Update dependencies as per new upstream requirements.
* [0c534ec] Update packaging to avoid using even more embedded PHP/JS
libraries.
* [ec5c11e] Use a new dh_linktree to replace embedded PHP/JS libraries.
* [8690719] Add lintian override for embedded-php-library streams.php since
it's a false positive.
* [83c15bc] Upgrade Standards-Version to 3.9.2 (no changes needed).
* [938fb15] Update internationalization files.
* [6ac0357] Install class-smtp.php and class-phpmailer.php so that they can
be replaced by dh_linktree.
.
wordpress (3.0.5+dfsg-1) unstable; urgency=medium
.
* [077b77b] Imported Upstream version 3.0.5+dfsg
* [8d1ce17] Refreshed patches
.
wordpress (3.0.4+dfsg-1) unstable; urgency=high
.
* [9d62499] Imported Upstream version 3.0.4+dfsg
- This is critical security update, more info: http://wp.me/pZhYe-qt
.
wordpress (3.0.3.dfsg-1) unstable; urgency=high
.
* [e113893] Imported Upstream version 3.0.3.dfsg
- Re-packaged without the hello dolly plugin (Closes: #607240)
* [9d62cfd] Removed hello.patch
.
wordpress (3.0.3-1) unstable; urgency=high
.
* [014c926] Imported Upstream version 3.0.3 (Closes: #606657)
* [f29b6ac] Use GPL-compliant lyrics in the hello dolly plugin.
(Closes: #607240)
.
wordpress (3.0.2-1) unstable; urgency=high
.
[ Raphaël Hertzog ]
* [9d6922c] Improve wp-config.php to support sites on subdomains and
htaccess by providing directives ready to uncomment
.
[ Giuseppe Iuculano ]
* [1dc32d3] Imported Upstream version 3.0.2 (Closes: #605880)
- Author level SQL injection vulnerability fixed (Closes: #605603)
* [b4f2869] Refreshed debian/patches/001readme.patch
* [612c23f] Remove flv_player.swf from manifest.php (Closes: #602732)
.
wordpress (3.0.1-2) unstable; urgency=low
.
* [e8a913f] Remove swfupload.swf from the binary package, as it cannot
be built from source, violating the Policy. (Closes: #591195)
* [92493d0] Document in Readme.Debian how to get swfupload.swf
* [3663a53] debian/get-upstream-i18n: download also configuration
files for RTL-languages (Closes: #585784)
* [8bbdc8b] Added a missing define in debian/wp-config.php (Closes: #590859)
* [34dd063] Updated language files
* [adf55b3] Install *.php configuration files for RTL-languages
.
wordpress (3.0.1-1) unstable; urgency=low
.
* [e6e4f09] Updated watch file
* [12dd7cd] Imported Upstream version 3.0.1
* [7f03621] Bump to standards-version 3.9.1, no changes needed
.
wordpress (3.0-1) unstable; urgency=low
.
[ Giuseppe Iuculano ]
* [a57d26e] Imported Upstream version 3.0 (Closes: #586764)
* [a74cd68] MU: enable multi-user by default and install the proper
blogs.dir directory
* [ffd926e] fix the blogs.dir link
* [c81081d] Adjust MU setup for Debian installations
* [c14dd9d] Update language files
* [6a7296f] Added Raphaël Hertzog in Uploaders
* [7ea24ff] Updated watch file
.
[ Raphaël Hertzog ]
* [2d1df3e] Update patch debian/patches/001readme.patch
* [58a772e] Update patch debian/patches/003installer.patch
* [332abfc] Update patch debian/patches/006rss_language.patch
* [ee99544] Update patch debian/patches/008CVE2008-2392.patch
* [b960914] Refresh patch debian/patches/009CVE2008-6767.patch
* [511eea7] Refresh patch
debian/patches/010disabling_update_note.patch
* [22c5015] Refresh patch debian/patches/manifest.patch
* [7cfe147] Switch to source format 3.0 (quilt).
* [8c86759] Add back the default theme that has been dropped upstream
* [390188e] Adjust links and rules to cope with removal of
scriptaculous/prototype.js
* [1313b13] Add package prefix to many debian/ files for clarity
* [c4e7651] Switch to dh7 tiny rules file and general cleanup of the
build process.
* [625cdbb] Updated Vcs-Git/Vcs-Browser to point to the collab-maint
repository.
.
wordpress (2.9.2-1) unstable; urgency=low
.
* [3f228c1] Imported Upstream version 2.9.2
* [7965955] Bump to Standards-Version 3.8.4 (no changes)
* [e86fd59] Updated language files
.
wordpress (2.9.1-2) unstable; urgency=low
.
* [4a7279a] Fixed the security id in wp-admin/menu.php (Closes: #561832) -
thanks to Franck Nouyrigat
* [aa0f3a0] Allow site names with dash character. (Closes: #566224) -
thanks to Mikko Visa
* [ee0a44e] Updated language files
.
wordpress (2.9.1-1) unstable; urgency=low
.
* [a83b8fd] Imported Upstream version 2.9.1
* [216890e] Added ${misc:Depends} in Depends
* [ec95986] Updated language files
.
wordpress (2.9-1) unstable; urgency=low
.
* [fdd001e] Change wordpress-l10n section (localization)
* [625fa21] Imported Upstream version 2.9
* [dd9b536] Refreshed patches
* [1ce2a9d] Do not remove anymore plugins/wordpress/js direcotry
* [3287ec5] Updated language files (Closes: #556902)
.
wordpress (2.8.6-1) unstable; urgency=low
.
* [cf87b24] Updated debian/watch (Closes: #555729) - thanks to Hideki
Yamane
* [997165e] Imported Upstream version 2.8.6
* [05395e1] debian/wp-config.php: sanitize $debian_server and do not
check if $debian_file is under /etc/wordpress (Closes: #549436)
* [dc016ce] Updated language files
.
wordpress (2.8.5-1) unstable; urgency=high
.
* [b0ebbe1] Imported Upstream version 2.8.5 (Closes: #551841)
- This version fixes CVE-2009-3622, Wordpress Trackback DoS
* [cad0da2] Updated languages files
* [e8438f2] Use /var/log/apache2 directory in the apache example file
(Closes: #551380)
.
wordpress (2.8.4-3) unstable; urgency=low
.
* [dc295db] Provide a more descriptive errror message if the vhost
config file is not found. (LP: #365783)
* [c23192a] Depend on libjs-jquery >= 1.3.3-1 (Closes: #544473) -
thanks to Arnaud Guiton
* [fd27308] Updated debian/copyright
* [94ad7d3] Split up the language files into a separate package
* [08334d7] Updated language files
* [6682ab3] Updated my email address and removed DM-Upload-Allowed
control field
.
wordpress (2.8.4-2) unstable; urgency=low
.
* [e582ddd] Removed reference about drag.gif in manifest.php, thanks
to Michel Meyers (Closes: #517969)
* [a0d70c8] Do not symlink readme.html, instead install it in
/usr/share/wordpress
* [e81e4c3] Depend on tinymce (>= 3.2.6-0.1) and added a proper
symlink to the tabfocus plugin
* [0492b02] Added a note in NEWS and README.debian about the secondary
consequence caused by the previous fix for a possible script
injection via /etc/wordpress/wp-config.php
* [6a3c803] Updated language files
.
wordpress (2.8.4-1) unstable; urgency=low
.
* [5f0812d] Imported Upstream version 2.8.4
* [e1ea94b] Switch to quilt
* [cf8904e] Removed Andrea De Iacovo from Maintainer field, thanks
Andrea for the prior work on wordpress!
* [6013bd8] Removed 007_REQUEST.patch, upstream already fixed CVE-2008-5113
in a better way
* [8da39ea] Removed 004languages.patch, it contains outdated languages
files
* [d5696ea] debian/control: Updated Vcs control field
* [89316e0] debian/rules: Comment the DH_VERBOSE export
* [cf78bf5] debian/wp-config.php: check if $debian_file is under
/etc/wordpress and mitigate a possible script injection via
/etc/wordpress/wp-config.php. Thanks to Raphael Geissert (Closes: #500295)
* [ece1c25] debian/get-upstream-i18n: Do not remove outdated language
files by default
* [59547a2] Do not embed tinymce, php-gettext and cropper. (Closes: #504242)
* [848828d] debian/postinst: Create the symlinks manually, dpkg
doesn't replace directories with symlinks. (Closes: #517969)
* [2af4aea] debian/patches/009CVE2008-6767.patch: Grant upgrade
privilege to all admin users. Thanks to Ivan Warren (Closes: #541371)
* [46e8f2b] debian/control: Removed the sentence about the French
language support, now there are a lot of language files
* [fcd94c6] debian/control: Remove outdated packages from Depends,
Suggests, and Conflicts
* [9c28177] Updated to standards version 3.8.3 (No changes needed)
* [700156e] Added a README.source (Debian Policy Manual section 4.14)
* [13a98d5] Updated language files
* [a86b72a] Do not install readme.html in doc, it doesn't contain any
relevant information for Debian users
* [25d4e8e] Updated copyright file
.
wordpress (2.8.3-2) unstable; urgency=medium
.
* [2372863] debian/patches/011enforce_activaction_key.dpatch: Enforce
activation key to be a string (Closes: #541102)
* [cb80386] Fixed CVE-2008-6767 patch and prevent redirect loop.
(Closes: #541199)
.
wordpress (2.8.3-1) unstable; urgency=medium
.
* [f625087] Imported Upstream version 2.8.3 (Closes: #533387, #539411)
This release fixed several security issue:
- Privileges unchecked and multiple information disclosures.
(CVE-2009-2334, CVE-2009-2335, CVE-2009-2336) (Closes: #536724)
- CVE-2009-2431, CVE-2009-2432: Obtain sensitive information
(Closes: #537146)
- CVE-2008-6762: Open redirect vulnerability in wp-admin/upgrade.php
(Closes: #531736)
* [347c164] debian/control: Added Giuseppe Iuculano in Uploaders,
added Vcs and DM-Upload-Allowed control field
* [92fb4ab] Bump to debhelper 7 compatibility levels
* [5b8536e] Refreshing patches
* [d999c0e] Added a watch file
* [4163c0c] debian/rules: Do not remove the autosave tinymce plugin, there
isn't anymore.
* [9c4d0e5] debian/get-upstream-i18n: download .xpi files into
debian/languages
* [76b7c5c] Install language files
* [a0bfad2] Move gettext in Build-Depends-Indep
* [8b607bf] Use set -e instead of passing -e to the shell on the #!
line
* [6cbbf36] debian/patches/009CVE2008-6767.dpatch: Only admin can
upgrade wordpress. (CVE-2008-6767) (Closes: #531736)
* [d6adfbe] Disabled the the "please update" warning, thanks to Hans
Spaans and Rolf Leggewie (Closes: #506685)
* [15c360c] Updated to standards version 3.8.2 (No changes needed)
.
wordpress (2.7.1-2) unstable; urgency=low
.
* setup-mysql corrected to accept domain names with hyphens (Closes: #514447)
* wp-config.php now dies if no config file is found (Closes: #500296)
* now the static browser uploader is supported (Closes: #501507)
Users che chose to use the browser (instead of flash) to upload media files.
.
wordpress (2.7.1-1) experimental; urgency=low
.
* Merge with upstream Wordpress-2.7 (Closes: #514845)
* Corrected security regression on CVE-2008-2392.
Admins had unfiltered upload capability again.
Now this options is disabled by default and can be
enable through the security options panel.
.
wordpress (2.7-1) experimental; urgency=low
.
* Merge with upstream Wordpress-2.7 (Closes: #507356)
* README file is now more clear about Apache
configuration (Closes: #511312, #507981)
.
wordpress (2.6.2-2) experimental; urgency=low
.
* 007CVE2008-2392.patch modified.
Now users chan dinamically choose to enable unrestricted upload for admins.
.
wordpress (2.6.2-1) experimental; urgency=low
.
* Merge with upstream Wordpress-2.6.2 (Closes: #490977)
* Dependency field was changed to erase useless dependencies (Closes: #496240)
.
wordpress (2.5.1-8) unstable; urgency=high
.
* Added 009CVE2008-4106 patch. (Closes: #500115)
Whitespaces in user name are now checked during login.
It's not possible to register an "admin(n-whitespaces)" user anymore
to gain unauthorized access to the admin panel.
.
wordpress (2.5.1-7) unstable; urgency=high
.
* Modified CVE2008-3747 patch. (Closes: #497524)
The old patch made the package completely unusable. The new
one should solve the issue. (Thanks to Del Gurt)
.
wordpress (2.5.1-6) unstable; urgency=high
.
* Added patch to fix remote attack vulnerability (Closes: #497216)
Attackers could gain administrative powers by sniffing cookies.
This patch force wordpress over a ssl connection to prevent
this issue. (CVE-2008-3747)
.
wordpress (2.5.1-5) unstable; urgency=low
.
* Modified rules file to have a lintian clean package.
.
wordpress (2.5.1-4) unstable; urgency=low
.
* Added patch to fix unrestricted file upload vulnerability (Closes: #485807)
Now administrators can upload only files that are in the standard
mime-type set (Fixes CVE-2008-2392)
.
wordpress (2.5.1-3) unstable; urgency=low
.
* rss_language is now modifiable through wp-admin panel.
Thanks to Lionel Elie Mamane (Closes: #461584)
* Makes Wordpress depend on tinymce (>= 3.0.7)
.
wordpress (2.5.1-2) unstable; urgency=low
.
* Wordpress provides a MODIFIED tinymce (Closes: #478257)
* Setup-mysql script modified to handle SECURITY_KEY. (Closes: #478515)
.
wordpress (2.5.1-1) unstable; urgency=high
.
* Merged with upstream 2.5.1 security release
* CVE-2008-1930 integrity protection vulnerability (Closes: #477910)
* Depends on tinymce
.
wordpress (2.5.0-2) unstable; urgency=low
.
* New maintainer. (Closes: #473451: ITA: wordpress -- weblog manager)
* Doesn't have a sane upload directory set (Closes: #430781)
* Don't embedd prototype/scriptaculous (Closes: #475284
.
wordpress (2.5.0-1) unstable; urgency=low
.
[ Kai Hendry ]
* New Upstream Version
.
[ Lionel Elie Mamane ]
* Import translations as of 2008-04-01:
ca.po, fr_FR, id_ID, ja, pt_PT, ru_RU, sr_RS
* Update French theme to 2.5.0
.
wordpress (2.3.3+fr-2) unstable; urgency=low
.
* Update French translation to 2.3.3 upstream version.
.
wordpress (2.3.3+fr-1) unstable; urgency=low
.
* Add French language support back (accidentally dropped in 2.3.2-1,
closes: #461617)
.
wordpress (2.3.3-1) unstable; urgency=high
.
* New upstream security release:
http://wordpress.org/development/2008/02/wordpress-233/
- Fix for security flaw in XML-RPC implementation (CVE-2008-0664,
closes: #464170) and http://trac.wordpress.org/ticket/5313
.
wordpress (2.3.2+fr-1) unstable; urgency=low
.
* Add French language support (Closes: #461617)
* Bump up Standards-Version to 3.7.3
* Move Homepage from description to dpkg field
* Tweak description to make it less advertisy
* Consistently prefer php5 over php4 in dependency alternatives
* Don't override local admin's idea of permissions on
/etc/wordpress/config-* on every upgrade.
.
wordpress (2.3.2-1) unstable; urgency=high
.
* New upstream security release
* http://wordpress.org/development/2007/12/wordpress-232/
* new version 2.3.2 fixes security bugs (Closes: #459305)
.
wordpress (2.3.1-1) unstable; urgency=high
.
* New upstream security release
* http://wordpress.org/development/2007/10/wordpress-231/
* should depend on php4-gd | php5-gd (Closes: #447492)
php4-gd | php5-gd moves from suggests to depends
* Bugs closed in this release:
http://trac.wordpress.org/query?status=closed&milestone=2.3.1
.
wordpress (2.3-1) unstable; urgency=low
.
* New upstream release
* Maintainer meets upstream:
http://flickr.com/photos/hendry/1468125949/
* http://wordpress.org/development/2007/09/wordpress-23/
.
wordpress (2.2.3-1) unstable; urgency=high
.
* New upstream security release
* http://wordpress.org/development/2007/09/wordpress-223/
* wordpress debian config overrides $file, $server in upstream php
files (Closes: #440572)
.
wordpress (2.2.2-1) unstable; urgency=high
.
* New upstream security release
* http://wordpress.org/development/2007/08/wordpress-222-and-2011/
* Bugs closed http://trac.wordpress.org/query?status=closed&milestone=2.2.2
* Changed files
http://trac.wordpress.org/changeset?new=branches%2F2.2%405849&old=branches%2F2.2%405725
* Several vulnerabilities detected (XSS, SQL-injection) (Closes:
#435848)
* wp-config.php breaks when accessed with port (Closes: #435289)
.
wordpress (2.2.1-1) unstable; urgency=high
.
* New upstream release
* http://wordpress.org/development/2007/06/wordpress-221/
* Needs to use libphp-phpmailer (Closes: #429346)
* [CVE-2007-3215] remote shell command injection in PHPMailer (Closes:
#429194)
* remote SQL injection vulnerability (Closes: #428073)
.
wordpress (2.2-1) unstable; urgency=low
.
* New upstream release
* http://wordpress.org/development/2007/05/wordpress-22/
.
wordpress (2.1.3-1) unstable; urgency=high
.
* New upstream security release
* http://wordpress.org/development/2007/04/wordpress-213-and-2010/
* attempt to create a link into /srv/www/, directory which may not
exist (Closes: #409258)
.
wordpress (2.1.2-1) unstable; urgency=high
.
* New upstream security release
* possible security issue (Closes: #413171)
* http://trac.wordpress.org/ticket/3879
* http://wordpress.org/development/2007/03/upgrade-212/
.
wordpress (2.1.1-1) unstable; urgency=high
.
* New upstream security release
* Updated copyright with new download link
* http://wordpress.org/development/2007/02/new-releases
* http://trac.wordpress.org/milestone/2.1.1
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1049
.
wordpress (2.1.0-1) unstable; urgency=low
.
* New upstream release
* http://wordpress.org/development/2007/01/ella-21/
* Thanks to #debian-devel's Sesse and seanius to help fix the execute perm
problems on wp-includes/
* Modified Blogroll to point only to Planet Debian
.
wordpress (2.0.7-1) unstable; urgency=low
.
* New upstream release
* New upstream available (security fix) (Closes: #407116)
* Thanks to Fabio Tranchitella and Moritz Muehlenhoff for their support
* Improved the copyright at Moritz's request
* Moritz says the security fix does not apply to Debian's PHP hence low
urgency
* See http://wordpress.org/development/2007/01/wordpress-207/ for details of
minor changes
* Tweaked the dependency line for better php5 support
* setup-mysql -h minor usage summary error + should be executable
(Closes: #407496)
.
wordpress (2.0.6-1) unstable; urgency=high
.
* New upstream release
* Security fix, urgency high.
* FrSIRT/ADV-2006-5191, CVE-2006-6808: WordPress "get_file_description()"
Function Client-Side Cross Site Scripting Vulnerability.
(Closes: #405299, #405691)
.
wordpress (2.0.5-0.1) unstable; urgency=medium
.
* NMU on maintainer's request.
* Security fix, urgency medium.
* readme.html: s/license.txt/copyright/. (Closes: #382283)
* New upstream release, which fixes:
- CVE-2006-4208: Directory traversal vulnerability in WP-DB-Backup
plugin for WordPress. (Closes: #384800)
.
wordpress (2.0.4-2) unstable; urgency=low
.
* examples/setup-mysql doesn't work with dash (Closes: #372128)
* installs apache AND apache2 by default (Closes: #379118)
Many thanks to Fabio Tranchitella and Jesus Climent
* "Publish" produces broken links (Closes: #367001)
Disabled "Rich editor" by default
.
wordpress (2.0.4-1) unstable; urgency=high
.
* New upstream release
* examples/setup-mysql doesn't work with dash (Closes: #372128)
.
wordpress (2.0.3-1) unstable; urgency=high
.
* New upstream release
* 'Cache' shell injection vulnerability (Closes: #369014)
.
wordpress (2.0.2-2) unstable; urgency=high
.
* setup-mysql fails if the domain contains a port number (Closes:
#362171)
* Insecure file permissions in /etc/wordpress (Closes: #363580)
* Added a postinst to help users correct permissions
.
wordpress (2.0.2-1) unstable; urgency=high
.
* New upstream release
* 'This would have been out sooner, if I wasn't in hospital' release ;)
* Changed blogroll link to Planet Debian
* Altered 'plugin policy', it's now DIY
* mysql syntax error when running setup-mysql script (Closes: #355958)
* Several vulnerabilities discovered by 'snake oil' Neo Security Team
(Closes: #355055)
http://somethingunpredictable.com/archives/01/03/2006/wordpress-vulnerabilities-bogus/
* http://wordpress.org/development/2006/03/security-202/
.
wordpress (2.0.1-1) unstable; urgency=low
.
* New upstream release
* CSS Security Vulnerability (Closes: #328909)
* Please announce that upgrade.php needs to be run after update
(Closes: #348458)
.
wordpress (2.0-1) unstable; urgency=low
.
* New upstream release
* Closes: #320462: Wordpress replaces valid characters in urls with
HTML entities, breaking the URL
* Closes: #326685: Incorrectly mangles URLs using the wptexturize
function
* Closes: #347339: Wordpress version 2 is available
* Closes: #345508: Should have a dependancy on the php5-gd package
.
wordpress (1.5.2-2) unstable; urgency=low
.
* Now with support for PHP5
* Requires mysql-server when the server can actually be on a remote
server (Closes: #328554)
.
wordpress (1.5.2-1) unstable; urgency=high
.
* New upstream "security fix" release
* Closes: #323040: CAN-2005-2612
* See: http://wordpress.org/development/2005/08/one-five-two/
.
wordpress (1.5.1.3-4) unstable; urgency=medium
.
* 'I really should have tested this on another machine' release
* Closes: #319007: dbconfig dep screws upgrade
.
wordpress (1.5.1.3-3) unstable; urgency=low
.
* Improved the setup-mysql script for Wordpress MASS hosting with Apache's
VirtualDocumentRoot
.
wordpress (1.5.1.3-2) unstable; urgency=high
.
* The no XML-RPC vulnerabilities here release. ;)
* Strongly advised to upgrade due to inconsistencies between 1.5.1.3-1 orig
tar.gz and the upstream 1.5.1.3 latest.tar.gz after checking.
* Closes: #312721: wordpress does not see mysql
* Changed upstream's default links. Controversial?
.
wordpress (1.5.1.3-1) unstable; urgency=high
.
* New upstream release
* Yet another security release:
http://wordpress.org/development/2005/06/wordpress-1513
.
wordpress (1.5.1.2-1) unstable; urgency=high
.
* New upstream release
* Another security release:
http://wordpress.org/development/2005/05/security-update/
.
wordpress (1.5.1-1) unstable; urgency=high
.
* Upstream changelog is here:
http://codex.wordpress.org/Changelog/1.5.1
* Fixes an unannounced "important security fix"
.
wordpress (1.5.0-2) unstable; urgency=low
.
* Thanks to NOKUBI Takatsugu and the Debian Japan people for making this
release possible
* Moved mysql setup out of postinst allowing multiple blogs on the host at
the loss of automated mysql setup.
* Closes: #298563: incompatible with mysql-server-4.1
* Closes: #298571: multiple installation support
* Closes: #300200: multiple installation support
* Closes: #300757: How would one add plugins to wordpress ?
.
wordpress (1.5.0-1) unstable; urgency=high
.
* Closes: #275814: New version fixes security flaws
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1559
* Closes: #288613: /usr/share/wordpress/readme.html missing
* Closes: #287086: new upstream 1.2.2
* Added some NEWS that users will find helpful in the upgrade
.
wordpress (1.2.2-1.1) unstable; urgency=medium
.
* NMU
* Thank you Dominic Hargreaves and svn-upgrade
.
wordpress (1.2.1-1.1) unstable; urgency=medium
.
* NMU
* Closes: #275814: New upstream release that fixes security problem
detailed: http://secunia.com/advisories/12773/
* Closes: #276112: Need more complete README.Debian for new users
Added some detail to README.Debian
* Escaped a mysql line in the postrm that might avoid a bug.
.
wordpress (1.2.0-1.1) unstable; urgency=low
.
* NMU
* Closes: #250812: New upstream
* Closes: #251653: apache2 support
* Closes: #255121: conffiles not marked
* Revised dependency on mysql-server otherwise debian-sys-maint will never work
* Thanks to Teemu Hukkanen, Corey Wright, Christian Hammers and Matt Mullenweg
.
wordpress (1.0.2-1) unstable; urgency=low
.
* New upstream release
* New package description (Closes: #237137)
* Made a plain text version of readme.html
.
wordpress (1.0.1-1) unstable; urgency=low
.
* Initial release (Closes: #230034)
Checksums-Sha1:
a5a02bbdda5631507a175eabbcfafd1d217c254a 2595 wordpress_4.3.1+dfsg-1~bpo8+1.dsc
6b7417d5cdb0fea3b764a71f905aace05c8ae417 4984864 wordpress_4.3.1+dfsg.orig.tar.xz
decb77d23e03576016f105b4c92ca4106354f56c 6093252 wordpress_4.3.1+dfsg-1~bpo8+1.debian.tar.xz
e31417f4094ba54c3f2bfb49cc8925b4096f1220 3417984 wordpress_4.3.1+dfsg-1~bpo8+1_all.deb
60a4c2ab9d5e337595768808b8edac2b1407146d 4237728 wordpress-l10n_4.3.1+dfsg-1~bpo8+1_all.deb
2df90be485b942e400c85ce47f969a4e90bc23fc 501880 wordpress-theme-twentyfifteen_4.3.1+dfsg-1~bpo8+1_all.deb
70a458f72a2d95383b014440a32e4b5f0308940a 801378 wordpress-theme-twentyfourteen_4.3.1+dfsg-1~bpo8+1_all.deb
2dde93d68c3aa9d7257ade53198e46c61805d44c 321038 wordpress-theme-twentythirteen_4.3.1+dfsg-1~bpo8+1_all.deb
Checksums-Sha256:
afe2bc4be53b47f0e7538ac7801a36c2dd7afee878d3f9e5922f1c351ba174d1 2595 wordpress_4.3.1+dfsg-1~bpo8+1.dsc
6f65c639d8100f74159e3d24159f1149f042c17bc9e185038571a3840b227351 4984864 wordpress_4.3.1+dfsg.orig.tar.xz
8419270c65d1b51c323ccd52a4c7d15ed4cfeffbcd75262c5a04f0bb8c968981 6093252 wordpress_4.3.1+dfsg-1~bpo8+1.debian.tar.xz
c41fa4d8b6ca14dc19eacc78ee4076d4b2a2e9cfe338e2bd7dacb5d62baeec97 3417984 wordpress_4.3.1+dfsg-1~bpo8+1_all.deb
73cb64b2532b3ce7cd9623f14de7565bfa936cdfa3d3e0215c97677658c37fbe 4237728 wordpress-l10n_4.3.1+dfsg-1~bpo8+1_all.deb
65deb0b882d02b3183c1a35a6c7ad80379a7fca01bd02b72a621919942e3a2f7 501880 wordpress-theme-twentyfifteen_4.3.1+dfsg-1~bpo8+1_all.deb
726217b7f8299378ad211d1073c59ad7ca1c12e4494b3fe1c30ed9da9cec38f0 801378 wordpress-theme-twentyfourteen_4.3.1+dfsg-1~bpo8+1_all.deb
0844f2dde6e5d678e4a6747204eba60e2ebc3028cceeb09ea5606dd40f94b7ac 321038 wordpress-theme-twentythirteen_4.3.1+dfsg-1~bpo8+1_all.deb
Files:
8446cd5395d135af714a1c052fb7b0d1 2595 web optional wordpress_4.3.1+dfsg-1~bpo8+1.dsc
cd5e69fb0a02e6eae658643cda0e5b63 4984864 web optional wordpress_4.3.1+dfsg.orig.tar.xz
0035aa07448f4d5464c8561b6f753465 6093252 web optional wordpress_4.3.1+dfsg-1~bpo8+1.debian.tar.xz
3d41f3d9008fa0805237016bb2ed6dab 3417984 web optional wordpress_4.3.1+dfsg-1~bpo8+1_all.deb
3af6fb1946942b54bb4fac00ad70b462 4237728 localization optional wordpress-l10n_4.3.1+dfsg-1~bpo8+1_all.deb
562f9cc5def407d45df31f0592316c89 501880 web optional wordpress-theme-twentyfifteen_4.3.1+dfsg-1~bpo8+1_all.deb
9f66171122297f620809a3d1ae2e16b5 801378 web optional wordpress-theme-twentyfourteen_4.3.1+dfsg-1~bpo8+1_all.deb
24be864cba743830563c9a04ad75949d 321038 web optional wordpress-theme-twentythirteen_4.3.1+dfsg-1~bpo8+1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJV/HspAAoJEDk4+WvfUP6lYgYP/3iud2bm8V1kEhDDpjv9GSOy
i1uZtWTDdIvH+BxNYD8aDay31n4bf1bqOdHTAVJoVEYkjjlhqmA4XMrem2H8x8Wa
63L/YXmi1xyCXEAVXsUxvtQIBm2i8p+VU38ahgwK9dnJhFvWBKw2+DZpeRipBiK4
YeN4b6pTy87TxWIX4reGNcvFPWcjHqqljHcbjhfIZcOb4ndelRcNG6uVc05H+xWh
dnIsnCTVYQ69sYrlsc2ZkomdPSt/ypcImFo7MoYE5pE36PyaUU3P922QRRolscZp
0epSIbpSDkWAoFHVo5sN0vZv/KcSyKiqhsp6RxVvQjr96Tt+kp3kOsL9/WKpjuqt
f5tVxhcZlap5oqBchvI+BZ8YRQadal8eJzz6qDuL/jpsdtUw9m29C0wQ8VQyt5jq
6LHxbIyxBCsxZKBR9QHhpb/RF+KPAK94l1tZfk6zr01UUVCrfRuccXlBp3Gp//G3
QyMuU6EMoyP3GM0Kijs9WuTCKszmmPkwWM54SocUmxC2k9rhXuGvpUL7Y8+BOK7k
pGN/iz73AGROfNwuKxqg2/dOJLwEjEhdHTQUpzrj+yU8P1ObVlQqZZD5gGjRt2Eg
oIqY+LRLJtL5CknbqWmW5DZjDA+US2R8Beqbv4vRmmzhBuEsvln2Ig2M0XxbKZ8E
4B+Cbp2euVTJyaYBf1nj
=s5CP
-----END PGP SIGNATURE-----
Reply to: