-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: wordpress Binary: wordpress, wordpress-l10n Architecture: all Version: 3.6.1+dfsg-1~deb7u5 Maintainer: Giuseppe Iuculano <[email protected]> Uploaders: Raphaël Hertzog <[email protected]> Homepage: http://wordpress.org Standards-Version: 3.9.4 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/wordpress.git Vcs-Git: git://anonscm.debian.org/collab-maint/wordpress.git Build-Depends: debhelper (>= 9), dh-linktree Build-Depends-Indep: perl, gettext, libphp-phpmailer (>= 5.1), libjs-prototype, libjs-scriptaculous, tinymce (>= 3.4.2), libphp-snoopy, libjs-jquery (>= 1.6.1), libjs-jquery-ui (>= 1.8.1), libjs-jquery-form, libjs-cropper, libphp-simplepie (>= 1.2), libjs-swfobject, libjs-backbone, libjs-underscore Package-List: wordpress deb web optional wordpress-l10n deb localization optional Checksums-Sha1: 997fd2158cd14bd29a5598a81c780db34f7173f7 3214412 wordpress_3.6.1+dfsg.orig.tar.xz e7d8a19929661cede1cc16952b4c837f0cc66af6 5248764 wordpress_3.6.1+dfsg-1~deb7u5.debian.tar.xz Checksums-Sha256: 20714525a688eadd649e2e497b4cd300870445867e1f8b3305b49da5ca55b50d 3214412 wordpress_3.6.1+dfsg.orig.tar.xz 4ffaeaf4766edd68478f8a9e2d6aa5182a6265b1c79ff27525651b01083503a0 5248764 wordpress_3.6.1+dfsg-1~deb7u5.debian.tar.xz Files: 4fbd2c241f5d7075b115dfba1b130bfa 3214412 wordpress_3.6.1+dfsg.orig.tar.xz 216db17b0d13b2c82243c79726bc2a9b 5248764 wordpress_3.6.1+dfsg-1~deb7u5.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUfrOGAAoJEDk4+WvfUP6lpv0P/jETdSDKJ4fxn6P5sDog9oLg YNetEPexUzDEb2oNS6EdvTWnkenqePBWcf2GF7XfDkkEvs/k6pmaWleDgwejZBPg 0POjLRT8YbZyBo4oX9K1VmMG3g3Hx2EcuEsvsNUHv0FKNPwC1ZMOo0eOONtC+BJ/ 5O8xUhcUTdF/ux0RLeaCEPr0DKtCFB+y7R+u46gcLQrt7GVKT9XuiAZlnzW/KUma HofHeKvRIKADxXXm5ERj8gfLvFoVWQlEepnEyQAtHf5BjjY6MwLpj22ELFzg6isO LlabKIa81CkYNibiXs2CIe3+cDTVBZplEBxzM0VcYhrCZ8OIQPbW5l+9B6KNYX89 J2L48x9S9zFKSofv7t3TQDdCCjj4Iojp034xTs94IAe6Rsl3qlkeVhiMoIuym6ZK /pm6r9020aHJ39ctgkzpnOanGCEUVXxj/6GeOSPGJHDCfNoWPNnGyYU6jYu9sjiI s1uC/t8F5bhuUpUUNjf9kU9uw23puWVWHoG4UmBTQ9p9dLQB7GD6a188GitVwaae TXDNSrWZz3ajEzHG7MRKUr+z/TYQqJdow75/y561oAL7u9Hc7p8HRKDWeNl6rFsd B+THX6rzEBBhjn1n0SyBCOkcRJoKhRRKwj1PkkMfaRRxuk1t0ssgLsR5JsbIDHUy AYWYjbbJpgZ4lfYw75aP =Yn0D -----END PGP SIGNATURE----- Changes: wordpress (3.6.1+dfsg-1~deb7u5) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Backport patches for 3.7.4->3.7.5 Closes: #770425 * The patches fix the following security bugs: - CVE-2014-9031 XSS in wptexturize() via comments or posts - CVE-2014-9033 CSRF in the password reset process - CVE-2014-9034 Denial of service for giant passwords - CVE-2014-9035 XSS in Press This - CVE-2014-9036 XSS in HTML filtering of CSS in posts - CVE-2014-9037 Hash comparison vulnerability in old passwords - CVE-2014-9038 SSRF: Safe HTTP requests did not sufficiently block the loopback IP address space - CVE-2014-9039 Email address change didn't invalidate previously sent password reset -- Craig Small <[email protected]> Wed, 03 Dec 2014 17:49:41 +1100
