Your message dated Mon, 28 Jan 2013 17:03:02 +0000
with message-id <e1tzs6o-0004ny...@franck.debian.org>
and subject line Bug#698916: fixed in wordpress 3.5.1+dfsg-1
has caused the Debian Bug report #698916,
regarding wordpress: pingback port scanning issue fixed in 3.5.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
698916: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698916
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wordpress
Version: 3.5+dfsg-1
Severity: important
http://wordpress.org/news/2013/01/wordpress-3-5-1/
- A server-side request forgery vulnerability and remote port scanning using
pingbacks. This vulnerability, which could potentially be used to expose
information and compromise a site, affects all previous WordPress versions.
This was fixed by the WordPress security team. We’d like to thank security
researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
- Two instances of cross-site scripting via shortcodes and post content. These
issues were discovered by Jon Cave of the WordPress security team.
- A cross-site scripting vulnerability in the external library Plupload. Thanks
to the Moxiecode team for working with us on this, and for releasing Plupload
1.5.5 to address this issue.
--
Henri Salo
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 3.5.1+dfsg-1
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 698...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Raphaël Hertzog <hert...@debian.org> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 28 Jan 2013 17:15:27 +0100
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.5.1+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Giuseppe Iuculano <iucul...@debian.org>
Changed-By: Raphaël Hertzog <hert...@debian.org>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
Closes: 698916
Changes:
wordpress (3.5.1+dfsg-1) unstable; urgency=low
.
* New upstream maintenance and security release. Closes: #698916
Checksums-Sha1:
5f0996176d0cc7af9b26efc7fdc8df02d138d6f6 2332 wordpress_3.5.1+dfsg-1.dsc
9459f34d9d67d2f519419f5c488dd124da5f56f3 4284028
wordpress_3.5.1+dfsg.orig.tar.xz
eaac3330740fddd8071171c2211623dc3ed78b3d 3652744
wordpress_3.5.1+dfsg-1.debian.tar.xz
e04b2b1bea241f12fc2ecb3c109927c079d20e48 4759492 wordpress_3.5.1+dfsg-1_all.deb
4a129892b16eee675fbcb2b2cf969be7f376e3d5 5539524
wordpress-l10n_3.5.1+dfsg-1_all.deb
Checksums-Sha256:
69f3b54fd08343cf6e3bb75bb7dc5f637c7c9ead2174a19300b928cd2ee8e86b 2332
wordpress_3.5.1+dfsg-1.dsc
6a898ff66e915847c65c65b3421834b77284f80c47b410fc268db910025dc404 4284028
wordpress_3.5.1+dfsg.orig.tar.xz
ba7c3112172470a1b47d5fc3f8c3793c7daf6d105030913fc05da1787df82d16 3652744
wordpress_3.5.1+dfsg-1.debian.tar.xz
e7dfd7ff24c9c92f5a70b6cb90ce8638592460f68088b70d0b9df07bd8372203 4759492
wordpress_3.5.1+dfsg-1_all.deb
5d8fac3d64dda64715d95f32f2fd4619cd7d9139b9d890eea7537eb68007e52e 5539524
wordpress-l10n_3.5.1+dfsg-1_all.deb
Files:
53a2f5f1d3811b889c30b2ee494b365f 2332 web optional wordpress_3.5.1+dfsg-1.dsc
c8e8f13bd9a8961541433818e36ea482 4284028 web optional
wordpress_3.5.1+dfsg.orig.tar.xz
ce872b65eb5dec380775c06e7c600219 3652744 web optional
wordpress_3.5.1+dfsg-1.debian.tar.xz
f23d91e480546011f69aa8255fd77f4e 4759492 web optional
wordpress_3.5.1+dfsg-1_all.deb
e0ceab8b16b7d2f1aa7e8cd393fe3081 5539524 localization optional
wordpress-l10n_3.5.1+dfsg-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Signed by Raphael Hertzog
iQIcBAEBCAAGBQJRBquzAAoJEOYZBF3yrHKakFsP/3lkciqdXA3n4tyBcHWnwhsg
HekplQfx/ofa/E8HlCdZJKHUyETQiNUP7kW4jwvefaVs8U4EW4Pp7Gy/AAxuxB2M
DKIjuEVcEBM2X+t+wRA6LYJdqmCd2ii2MwCGXx2WfP4ultEJnPdTa35cjbWDCvd4
H7/vphoQb/d/cH2Lv5EVeqW+VwX9modODHn8ots032FjCQ5Q6u06vwWlfBYHg+fh
DJu8/I3c/4S/b/L8CVUuSnvek1kyoDRGb+hVgT96u14J1knAID4FpLMQebYqgLJN
Wb2Wc9fn0tUMhMGn8oMJAuVSBDGMoExlXE/+xYNn5RmYBIrXUeL7VG4mo1fxxL1e
+xk7aGKfcwUK9xYcp76AVa4dp5GRmklm872HZjh9ZVCs+qzYEOjs0UHrxlYRg5by
X7QMlLjbydWsPOM27BdrRRaIILFv/Kn30Mx7Thyw2JHMQC8seMf0zflPXmTxwp0q
gkC5MONdzNdM7yMkCLlVa05DXj6qSj5+axO9dpWIFFez+PPULLBkDG+YmkkH9Fso
yT88/F5S4gg+RLiaTU+/i1KtiYlgj7fB8sKh+KFRYSIORD8pYslIX+o30veX8Fvt
DkeVVdoHYk3cZSHuu66a9eDO0SbZSSZY2PXzcXx0klUqPOogbFlR0vowddzrvhf3
iQ5SoBi1DvgvFzmEaWYQ
=15FK
-----END PGP SIGNATURE-----
--- End Message ---
