Your message dated Thu, 01 Aug 2013 19:47:05 +0000
with message-id <e1v4yq1-0008jy...@franck.debian.org>
and subject line Bug#713947: fixed in wordpress 3.5.2+dfsg-1~deb7u1
has caused the Debian Bug report #713947,
regarding wordpress: Multiple security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
713947: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wordpress
Severity: grave
Tags: security
Justification: user security hole

Wordpress 3.5.2 fixes multiple security issues. Quoting from
http://codex.wordpress.org/Version_3.5.2:

Additionally: Version 3.5.2 fixes seven security issues:

* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign
  authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

Additional security hardening includes:

* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating
  Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 3.5.2+dfsg-1~deb7u1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 713...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphaël Hertzog <hert...@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 25 Jun 2013 15:52:07 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.5.2+dfsg-1~deb7u1
Distribution: wheezy-security
Urgency: low
Maintainer: Giuseppe Iuculano <iucul...@debian.org>
Changed-By: Raphaël Hertzog <hert...@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 713947
Changes:
 wordpress (3.5.2+dfsg-1~deb7u1) wheezy-security; urgency=low
 .
   * New upstream release with many security fixes. Closes: #713947
     * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
     * Privilege Escalation: Contributors can publish posts, and users can
       reassign authorship. CVE-2013-2200.
     * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
     * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
     * Content Spoofing via Flash Applet in TinyMCE Media Plugin.
       CVE-2013-2204.
     * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
     * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.
     * Additional security hardening includes:
       * Cross-Site Scripting (XSS) (Low Severity) when Editing Media.
         CVE-2013-2201.
       * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating
         Plugins/Themes. CVE-2013-2201.
       * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
   * Update the Vcs-Git and Vcs-Browser URLs.
   * Update Standards-Version to 3.9.4.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Signed by Raphael Hertzog
-----END PGP SIGNATURE-----
--- End Message ---