tag 722537 pending
thanks

Hello,

Bug #722537 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=a8fbc2c

---
commit a8fbc2c80e478c47229a69fb6fccf246c3752e21
Author: Yves-Alexis Perez <cor...@debian.org>
Date:   Fri Sep 13 22:18:29 2013 +0200

    Add changelog entry for Squeeze upload.
    
    * Non-maintainer upload by the Security Team.
    * Import wordpress from Jessie to fix all the security issues present in
      Squeeze.
      - update to Wordpress 3.6.1                                 closes: #722537
        + CVE-2013-4338: unsafe PHP unserialization can cause arbitrary code
        execution.
        + CVE-2013-4339: improper input validation in URL parsing can lead to
        arbitrary redirection.
        + CVE-2013-4340: privilege escalation allowing a user with an author
        role to create an entry appearing as written by another user.
        + CVE-2013-5738: authenticated users can conduct cross-site scripting
        attacks (XSS) using crafted html file uploads.
        + CVE-2013-5739: default Wordpress configuration doesn't prevent upload
        for .swf and .exe files, making it easier for authenticated users to
        conduct XSS attacks.

diff --git a/debian/changelog b/debian/changelog
index 45995a5..300cea6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,22 @@
+wordpress (3.6.1+dfsg-1~deb6u1) UNRELEASED; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Import Wordpress 3.6.1 from Jessie to fix all the security issues present
+    in Squeeze:                                                 closes: #722537
+    - CVE-2013-4338: unsafe PHP unserialization can causes arbitrary code
+    execution.
+    - CVE-2013-4339: unproper input validation in URL parsing can lead to
+    arbitrary redirection.
+    - CVE-2013-4340: privilege escalation allowing an user with an author role
+    to create an entry appearing as written by another user.
+    - CVE-2013-5738: authenticated users can conduct cross-site scripting
+    attacks (XSS) using crafted html file uploads.
+    - CVE-2013-5739: default Wordpress configuration doesn't prevent upload
+    for .swf and .exe files, making it easier for authenticated users to
+    conduct XSS attacks.
+
+ -- Yves-Alexis Perez <cor...@debian.org>  Fri, 13 Sep 2013 21:47:46 +0200
+
 wordpress (3.6.1+dfsg-1) unstable; urgency=high
 
   * New upstream security release.
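
Review bot: the CVE descriptions in the new 3.6.1+dfsg-1~deb6u1 entry contain wording errors that will ship in the published changelog: "can causes" (CVE-2013-4338), "unproper" (CVE-2013-4339) and "an user" (CVE-2013-4340) should read "can cause", "improper" and "a user". The continuation lines under each "- CVE" item are aligned with the dash rather than with the item text, so indenting them two more spaces would make the list easier to read. The distribution field is still UNRELEASED, which fits a pending commit but has to be set to the target suite before the upload is built.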

