tag 722537 pending
thanks

Hello,
Bug #722537 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=6496a33

---
commit 6496a33c1dfe723e736bf51bbc25d9a5edb110ae
Author: Yves-Alexis Perez <cor...@debian.org>
Date:   Fri Sep 13 22:18:29 2013 +0200

    Add changelog entry for Squeeze upload.

    * Non-maintainer upload by the Security Team.
    * Import wordpress from Jessie to fix all the security issues present in Squeeze.
      - update to Wordpress 3.6.1 closes: #722537
        + CVE-2013-4338: unsafe PHP unserialization can cause arbitrary code execution.
        + CVE-2013-4339: improper input validation in URL parsing can lead to arbitrary redirection.
        + CVE-2013-4340: privilege escalation allowing a user with an author role to create an entry appearing as written by another user.
        + CVE-2013-5738: authenticated users can conduct cross-site scripting attacks (XSS) using crafted HTML file uploads.
        + CVE-2013-5739: default Wordpress configuration doesn't prevent upload for .swf and .exe files, making it easier for authenticated users to conduct XSS attacks.

diff --git a/debian/changelog b/debian/changelog
index 45995a5..00ac201 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@ +wordpress (3.6.1+dfsg-1~deb6u1) UNRELEASED; urgency=high + + * Non-maintainer upload by the Security Team. + * Import wordpress from Jessie to fix all the security issues present in + Squeeze. + - update to Wordpress 3.6.1 closes: #722537 + + CVE-2013-4338: unsafe PHP unserialization can causes arbitrary code + execution. + + CVE-2013-4339: unproper input validation in URL parsing can lead to + arbitrary redirection. + + CVE-2013-4340: privilege escalation allowing an user with an author + role to create an entry appearing as written by another user. + + CVE-2013-5738: authenticated users can conduct cross-site scripting + attacks (XSS) using crafted html file uploads. + + CVE-2013-5739: default Wordpress configuration doesn't prevent upload + for .swf and .exe files, making it easier for authenticated users to + conduct XSS attacks. + + -- Yves-Alexis Perez <cor...@debian.org> Fri, 13 Sep 2013 21:47:46 +0200 + wordpress (3.6.1+dfsg-1) unstable; urgency=high * New upstream security release.
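Review bot: the new stanza's distribution field is still `UNRELEASED` (`+wordpress (3.6.1+dfsg-1~deb6u1) UNRELEASED; urgency=high`), while the commit message describes this as the Squeeze security upload; it needs to be changed to the target suite (squeeze-security for a Security Team upload) before the package is built and uploaded, as an `UNRELEASED` stanza is not accepted by the archive. The same stanza ships its wording into the binary package's changelog, so the three typos in the new lines should be corrected in the same pass: `can causes` to `can cause`, `unproper` to `improper`, and `an user` to `a user`. The version suffix `~deb6u1`, the `closes: #722537` reference and the five CVE identifiers otherwise look consistent with the commit message.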