I am hoping Noah will get the time to sponsor this security update to stable.
----- Forwarded message from Kai Hendry <[EMAIL PROTECTED]> -----

From: Kai Hendry <[EMAIL PROTECTED]>
To: Noah Meyerhans <[EMAIL PROTECTED]>
Subject: Re: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437840
Date: Sat, 18 Aug 2007 11:14:07 +0100
Reply-To: Kai Hendry <[EMAIL PROTECTED]>

http://security.debian.org/debian-security/pool/updates/main/w/wordpress/wordpress_2.0.10-1_all.deb
2.0.11: http://static.natalian.org/2007-08-05/

monty:~/wp% debdiff wordpress_2.0.10-1_all.deb wordpress_2.0.11-1_all.deb
File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)
------------------------------------------------
Installed-Size: [-2880-] {+2884+}
Version: [-2.0.10-1-] {+2.0.11-1+}

 debian/changelog                        |   10
 debian/copyright                        |    2
 wp-admin/admin-functions.php            |   19
 wp-admin/edit-form-advanced.php         |   27 -
 wp-admin/edit-form-comment.php          |    8
 wp-admin/edit-form.php                  |    8
 wp-admin/edit-page-form.php             |   12
 wp-admin/import/dotclear.php            |  383 +++++++--------
 wp-admin/import/greymatter.php          |   40 -
 wp-admin/import/livejournal.php         |    1
 wp-admin/import/mt.php                  |    3
 wp-admin/import/rss.php                 |    1
 wp-admin/import/textpattern.php         |  398 ++++++++-------
 wp-admin/link-import.php                |    7
 wp-admin/options.php                    |   13
 wp-admin/post.php                       |    2
 wp-content/plugins/akismet/akismet.php  |   54 +-
 wp-content/themes/default/functions.php |  806 ++++++++++++++++----------------
 wp-includes/functions-formatting.php    |    2
 wp-includes/functions.php               |   11
 wp-includes/pluggable-functions.php     |    2
 wp-includes/version.php                 |    2
 wp-links-opml.php                       |    2
 wp-mail.php                             |    2
 xmlrpc.php                              |    4
 25 files changed, 959 insertions(+), 860 deletions(-)

Here are the changes in a Web interface:
http://trac.wordpress.org/changeset?new=branches%2F2.0%405849&old=branches%2F2.0%405396

Actual bugs closed:
http://trac.wordpress.org/query?status=closed&milestone=2.0.11

***

There are a lot of changes on the import functions. If these importers aren't patched, I've been told by upstream they become useless.

So I hope it can imaginatively fit under clause 2 of http://release.debian.org/stable/4.0/4.0r1/ when potential users try to import their data from another blogging system.

***

As for the DSA.

http://security-tracker.debian.net/tracker/source-package/wordpress
http://trac.wordpress.org/query?status=closed&milestone=2.0.11

2.0.11's DSA closes these:
http://security-tracker.debian.net/tracker/CVE-2007-2821
http://security-tracker.debian.net/tracker/CVE-2007-3238

There is a security bug http://trac.wordpress.org/ticket/4691 closed by Wordpress upstream, that does not have a CVE AFAIK.

Kind regards,

----- End forwarded message -----