
Bug#568729: pu: package wordpress/2.5.1-11+lenny3



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I prepared an upload to fix a minor security issue in wordpress.
Debdiff attached.


Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktuqGYACgkQNxpp46476arliQCgnASlYiS3suRzVWaorpKCPwKD
gtoAoJetoPnqqeSfvakm0tGrl2c++Oul
=Uaka
-----END PGP SIGNATURE-----
diff -u wordpress-2.5.1/debian/changelog wordpress-2.5.1/debian/changelog
--- wordpress-2.5.1/debian/changelog
+++ wordpress-2.5.1/debian/changelog
@@ -1,3 +1,9 @@
+wordpress (2.5.1-11+lenny3) stable; urgency=low
+
+  * [3c05401] Fixed CVE-2009-3622: Strip commas and spaces from charset.
+
+ -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 07 Feb 2010 12:27:14 +0100
+
 wordpress (2.5.1-11+lenny2) stable; urgency=low
 
   * [1dd14e6] Fixed a bug in the password reset procedure, users are now
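Review bot: The new entry for 2.5.1-11+lenny3 names the CVE and the mechanical change but not where it applies; the dpatch later in this debdiff shows the only file touched is wp-trackback.php. Consider wording it along the lines of "Strip commas and spaces from the trackback charset (wp-trackback.php)" so the entry can be understood without opening the patch.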
diff -u wordpress-2.5.1/debian/patches/00list wordpress-2.5.1/debian/patches/00list
--- wordpress-2.5.1/debian/patches/00list
+++ wordpress-2.5.1/debian/patches/00list
@@ -17,0 +18 @@
+018CVE-2009-3622
only in patch2:
unchanged:
--- wordpress-2.5.1.orig/debian/patches/018CVE-2009-3622.dpatch
+++ wordpress-2.5.1/debian/patches/018CVE-2009-3622.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 018CVE-2009-3622.dpatch by Giuseppe Iuculano <iuculano@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fixed CVE-2009-3622: Strip commas and spaces from charset.
+
+@DPATCH@
+diff -urNad wordpress~/wp-trackback.php wordpress/wp-trackback.php
+--- wordpress~/wp-trackback.php	2009-12-03 23:05:28.000000000 +0100
++++ wordpress/wp-trackback.php	2009-12-03 23:09:00.000000000 +0100
+@@ -39,7 +39,7 @@
+ $blog_name = stripslashes($_POST['blog_name']);
+ 
+ if ($charset)
+-	$charset = strtoupper( trim($charset) );
++	$charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
+ else
+ 	$charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
+ 
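Review bot: The replaced line `$charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );` removes the separators but still accepts whatever string remains as the charset, with no length limit and no check that it names a real encoding. A value that used to be a comma-separated list now collapses into one concatenated token (for example "UTF-8,UTF-8" becomes "UTF-8UTF-8"), and other whitespace inside the value, such as tabs, is left in place. Since the else branch already spells out the encodings the script expects, consider comparing the cleaned value against a fixed allowlist (or PHP's mb_list_encodings()) and falling back to that default list when it does not match. The `## DP:` description could also say why commas and spaces are stripped, since it is the only documentation the patch carries.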
