
Bug#568731: opu: package wordpress/2.0.10-1etch6



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: opu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I prepared an upload to fix a minor security issue in wordpress in oldstable.
Debdiff attached.


Cheers,
Giuseppe.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktuq28ACgkQNxpp46476arkfgCffhbQ4JFoJmLxBdyBhpwO8rg3
G2YAn1Nz+lAuy6AYAVbUOvSYQgk+qeFx
=N6bD
-----END PGP SIGNATURE-----
diff -u wordpress-2.0.10/debian/changelog wordpress-2.0.10/debian/changelog
--- wordpress-2.0.10/debian/changelog
+++ wordpress-2.0.10/debian/changelog
@@ -1,3 +1,10 @@
+wordpress (2.0.10-1etch6) oldstable; urgency=low
+
+  * [1eba647] Fixed CVE-2009-3622: Strip commas and spaces from charset
+    in wp-trackback.php
+
+ -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 07 Feb 2010 12:50:52 +0100
+
 wordpress (2.0.10-1etch5) oldstable-security; urgency=high
 
   * [8c26085] Backported absint() function and fixed a regression in
diff -u wordpress-2.0.10/debian/patches/00list wordpress-2.0.10/debian/patches/00list
--- wordpress-2.0.10/debian/patches/00list
+++ wordpress-2.0.10/debian/patches/00list
@@ -19,0 +20 @@
+020CVE-2009-3622
only in patch2:
unchanged:
--- wordpress-2.0.10.orig/debian/patches/020CVE-2009-3622.dpatch
+++ wordpress-2.0.10/debian/patches/020CVE-2009-3622.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 020CVE-2009-3622.dpatch by Giuseppe Iuculano <iuculano@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fixed CVE-2009-3622: Strip commas and spaces from charset in wp-trackback.php
+
+@DPATCH@
+diff -urNad wordpress~/wp-trackback.php wordpress/wp-trackback.php
+--- wordpress~/wp-trackback.php	2009-12-03 11:39:41.000000000 +0100
++++ wordpress/wp-trackback.php	2009-12-03 11:49:56.000000000 +0100
+@@ -39,7 +39,7 @@
+ $blog_name = stripslashes($_POST['blog_name']);
+ 
+ if ($charset)
+-	$charset = strtoupper( trim($charset) );
++	$charset = str_replace( array(',', ' '), '', strtoupper( trim($charset) ) );
+ else
+ 	$charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';
+ 
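Review bot: In the `if ($charset)` branch of wp-trackback.php, the truthiness test runs before the new `str_replace`, so a charset made up only of commas and spaces (for example `,`) enters the branch, comes out as an empty string, and never receives the `else` default list. Normalising first and testing afterwards would close that gap: apply the `str_replace( array(',', ' '), '', strtoupper( trim($charset) ) )` expression before the `if`, and fall back to the default when the result is empty. The filter is also a two-character denylist: `trim()` only removes whitespace at the ends, so a tab or newline inside the value survives. Keeping only the characters expected in a single charset name would be tighter than removing `,` and ` `. The `## DP:` line repeats the changelog wording without saying why a comma-separated list supplied by the client is a problem; one sentence on that would help later reviewers.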
