Accepted wordpress 3.3.2+dfsg-1~squeeze1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 10 May 2012 23:00:46 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.3.2+dfsg-1~squeeze1
Distribution: stable-security
Urgency: low
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
Closes: 670124
Changes:
wordpress (3.3.2+dfsg-1~squeeze1) stable-security; urgency=low
.
* Import wordpress from Wheezy to fix all the security issues present in
Squeeze. This fixes:
- CVE-2011-3122, CVE-2011-3125, CVE-2011-3126, CVE-2011-3127,
CVE-2011-3128, CVE-2011-3129, CVE-2011-3130 (multiple unspecified
vulnerabilities) which were allocated from
the Wordpress 3.1.3 / 3.2 beta2 release announcement
- CVE-2011-4956 (missing input sanitization) and CVE-2011-4957 (missing
URL length check in make_clickable() function) allocated from Wordpress
3.1.1 release announcement.
- CVE-2012-2399 (unspecified vulnerability in
wp-includes/js/swfupload/swfupload.swf), CVE-2012-2400 (unspecified
vulnerability in wp-includes/js/swfobject.js), CVE-2012-2401 (Same-Origin
Policy bypass in Plupload plugin), CVE-2012-2402 (access restriction
bypass by authenticated site administrators), CVE-2012-2403 (Wordpress
supports clickable links inside attributes, making it easier to conduct
XSS attacks) CVE-2012-2404 (Wordpress supports offsite redirects,
making it easier to conduct XSS attacks), which were allocated from the
3.3.2 release announcement. closes: #670124
* debian/wordpress.linktrees:
- don't symlink TinyMCE, it's too old in Squeeze.
- don't deduplicate jquery, same thing.
- don't deduplicate jquery-form, doesn't exist in Squeeze.
* debian/control:
- drop build-dep on tinymce, libjs-jquery and libjs-jquery-form, we'll use
the embedded versions.
Checksums-Sha1:
9317a6b281ca70f2d4af3acfe8e37f33be38f6b9 2123 wordpress_3.3.2+dfsg-1~squeeze1.dsc
bc70e62569cda9d0dd13b9210d5df64b5d7cde52 3893105 wordpress_3.3.2+dfsg.orig.tar.gz
760c22148fb5d7af75629fd68f9faba2cb8212a9 13970688 wordpress_3.3.2+dfsg-1~squeeze1.debian.tar.xz
792afe139ac350bccb2585bd4c309c9b128072c8 3862096 wordpress_3.3.2+dfsg-1~squeeze1_all.deb
8a4927fb760f6985905157320f12cf1ce444b905 6535922 wordpress-l10n_3.3.2+dfsg-1~squeeze1_all.deb
Checksums-Sha256:
0b25d6c682b4ad0b357b138bea565c76d88d741a0c18748ef02a7ee57c4d17d9 2123 wordpress_3.3.2+dfsg-1~squeeze1.dsc
1812098d4c3ba35f0b64c5e2af21c24f6c530c2d680f9cee78bc138615b607fb 3893105 wordpress_3.3.2+dfsg.orig.tar.gz
fbb6e00b17e6dad5564d2daadf76995a2b5793f1b078e48139310810c11f2957 13970688 wordpress_3.3.2+dfsg-1~squeeze1.debian.tar.xz
4a07b967af497a19660e4cca426cc97576b9211ab992409f93c72ab5c104fd89 3862096 wordpress_3.3.2+dfsg-1~squeeze1_all.deb
daa128fe4e4794639c5249f1b807b90ffef19f8f5c733d4370bbc289aa085ef3 6535922 wordpress-l10n_3.3.2+dfsg-1~squeeze1_all.deb
Files:
cdd10cd122bb204cff70a50d7069d302 2123 web optional wordpress_3.3.2+dfsg-1~squeeze1.dsc
f8f90cab2ed60a94a430410423acfda6 3893105 web optional wordpress_3.3.2+dfsg.orig.tar.gz
04408f7c7645117dd9f6eb4afa77186b 13970688 web optional wordpress_3.3.2+dfsg-1~squeeze1.debian.tar.xz
0e8891b4bd247ac4484bd47d1fa37a60 3862096 web optional wordpress_3.3.2+dfsg-1~squeeze1_all.deb
f9b3616617fbb87106c2a8ed42a3ebf9 6535922 localization optional wordpress-l10n_3.3.2+dfsg-1~squeeze1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJPrKcdAAoJEDBVD3hx7wuoO9cP/Al0M3xo4DKNY8FJrEgE9QL5
VSmTn8iFJSH5llvN8uuQ4LSZAbzfBPLYJoZTctezaO6KigQD4NjXPzJYCghFvr2D
6FPGpbsiM9gbHASGa91p8ujuVRwo1IIttU01Gmlzo+dk2WQjobLdz5poVfK3qjC5
EUK1OvgjnWC31hxuSqespAfCpf4vZZCdMlmdYRWHdCOvVMwFlXwUCCLh8l/nFblN
JHjxV/xXwubyGi8OqtW2L0CNFuaR7eCVfXF85LqLKdAFsq6Qph7sXkBC8dExf4Oq
8uztZoG3Hfc/pZd1LNhFi0sXbc14AuA5eSOBkat/veHCeJL1ba9OIIuSC0DO5MML
eMbXegr9RQ6Xn4jxeCL8iTmgP38QBnFIip1o5sbNP5y/SqCYZuCzrWe0lE8eoPUW
TCipq+MPrQe3h6kXBsMYW2Kaq5raUr1x96Id4JzUVttJSPnj6rrKYCiCjnbZzXsk
sWmuuG6LPBRr6pSE6l2qzrqhWfIBCgLX89AHvawOsAeh5cB9wiR4jSEgadRT5Xhh
vkSg1iLqErGm6Uu6fuhh8Bm7+GPGlDFB2xRzQoC3EwZzE/znHv/sZjCIbjBOFMKv
j26T/hrUYumrRFouGddoT+lh9wQwbxsMg4ncby1XN4I0vVMrkORWvLHZkZnENcpm
t6glXuJnEwIA+iUer19Q
=iwR+
-----END PGP SIGNATURE-----
Reply to: