Bug#568729: pu: package wordpress/2.5.1-11+lenny3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
I prepared an upload to fix a minor security issue in wordpress.
Debdiff attached.
Cheers,
Giuseppe.
diff -u wordpress-2.5.1/debian/changelog wordpress-2.5.1/debian/changelog
--- wordpress-2.5.1/debian/changelog
+++ wordpress-2.5.1/debian/changelog
@@ -1,3 +1,9 @@
+wordpress (2.5.1-11+lenny3) stable; urgency=low
+
+ * [3c05401] Fixed CVE-2009-3622: Strip commas and spaces from charset.
+
+ -- Giuseppe Iuculano <iuculano@debian.org> Sun, 07 Feb 2010 12:27:14 +0100
+
wordpress (2.5.1-11+lenny2) stable; urgency=low
* [1dd14e6] Fixed a bug in the password reset procedure, users are now
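Review bot: The new changelog entry says only "Strip commas and spaces from charset" and does not name the affected code path. The dpatch touches wp-trackback.php, so the entry could say that (for example "Strip commas and spaces from the charset in wp-trackback.php"), which lets someone reading the stable changelog see which input handling changed without opening the patch.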
diff -u wordpress-2.5.1/debian/patches/00list wordpress-2.5.1/debian/patches/00list
--- wordpress-2.5.1/debian/patches/00list
+++ wordpress-2.5.1/debian/patches/00list
@@ -17,0 +18 @@
+018CVE-2009-3622
only in patch2:
unchanged:
--- wordpress-2.5.1.orig/debian/patches/018CVE-2009-3622.dpatch
+++ wordpress-2.5.1/debian/patches/018CVE-2009-3622.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 018CVE-2009-3622.dpatch by Giuseppe Iuculano <iuculano@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fixed CVE-2009-3622: Strip commas and spaces from charset.
+
+@DPATCH@
+diff -urNad wordpress~/wp-trackback.php wordpress/wp-trackback.php
+--- wordpress~/wp-trackback.php 2009-12-03 23:05:28.000000000 +0100
++++ wordpress/wp-trackback.php 2009-12-03 23:09:00.000000000 +0100
+@@ -39,7 +39,7 @@
+ $blog_name = stripslashes($_POST['blog_name']);
+
+ if ($charset)
+- $charset = strtoupper( trim($charset) );
++ $charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
+ else
+ $charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
+
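Review bot: On the added str_replace( array(',', ' '), '', ... ) line, the filter removes only two specific characters, so any other unexpected character inside the value (a tab, for instance, since trim() only handles the ends) still passes through to whatever consumes $charset. The else branch shows that the comma-separated list form is meant for the built-in default only, so a stricter check would match that intent better: keep only characters that can appear in a single encoding name, e.g. preg_replace('/[^A-Z0-9_-]/', '', ...) after the strtoupper(), or compare the result against a fixed set of accepted encodings and fall back to the default list otherwise. A short comment above the assignment saying why separators are stripped would also help, since the DP: description repeats the changelog line without explaining the reason.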