Your message dated Thu, 12 Sep 2013 23:52:07 +0200
with message-id <20130912215207.ge15...@x230-buxy.home.ouaza.com>
and subject line Re: Bug#722537: wordpress: CVE-2013-4338 CVE-2013-4339 CVE-2013-4340
has caused the Debian Bug report #722537,
regarding wordpress: CVE-2013-4338 CVE-2013-4339 CVE-2013-4340
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
722537: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722537
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wordpress
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerabilities were published for wordpress.

CVE-2013-4338[0]:
Unsafe PHP unserialization

CVE-2013-4339[1]:
Open Redirect / Insufficient Input Validation

CVE-2013-4340[2]:
Privilege Escalation

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338
http://security-tracker.debian.org/tracker/CVE-2013-4338
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
http://security-tracker.debian.org/tracker/CVE-2013-4339
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340
http://security-tracker.debian.org/tracker/CVE-2013-4340

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 3.6.1+dfsg-1

On Thu, 12 Sep 2013, Salvatore Bonaccorso wrote:
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

I had prepared an upload before seeing this bug so the changelog entry
doesn't reference it and I'm closing it manually. Squeeze and wheezy
are also affected though.

> Please adjust the affected versions in the BTS as needed.

Done.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
--- End Message ---