Your message dated Sat, 08 Feb 2014 23:17:27 +0000
with message-id <e1wch9l-0005pp...@franck.debian.org>
and subject line Bug#722537: fixed in wordpress 3.6.1+dfsg-1~deb6u1
has caused the Debian Bug report #722537,
regarding wordpress: CVE-2013-4338 CVE-2013-4339 CVE-2013-4340
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
722537: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722537
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wordpress
Severity: grave
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerabilities were published for wordpress.
CVE-2013-4338[0]:
Unsafe PHP unserialization
CVE-2013-4339[1]:
Open Redirect / Insufficient Input Validation
CVE-2013-4340[2]:
Privilege Escalation
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4338
    http://security-tracker.debian.org/tracker/CVE-2013-4338
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
    http://security-tracker.debian.org/tracker/CVE-2013-4339
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4340
    http://security-tracker.debian.org/tracker/CVE-2013-4340
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 3.6.1+dfsg-1~deb6u1
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 722...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yves-Alexis Perez <cor...@debian.org> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 14 Sep 2013 10:30:29 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb6u1
Distribution: squeeze-security
Urgency: high
Maintainer: Giuseppe Iuculano <iucul...@debian.org>
Changed-By: Yves-Alexis Perez <cor...@debian.org>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
Closes: 722537
Changes:
wordpress (3.6.1+dfsg-1~deb6u1) squeeze-security; urgency=high
.
  * Non-maintainer upload by the Security Team.
  * Import Wordpress 3.6.1 from Jessie to fix all the security issues present
    in Squeeze: closes: #722537
    - CVE-2013-4338: unsafe PHP unserialization can cause arbitrary code
      execution.
    - CVE-2013-4339: improper input validation in URL parsing can lead to
      arbitrary redirection.
    - CVE-2013-4340: privilege escalation allowing a user with an author role
      to create an entry appearing as written by another user.
    - CVE-2013-5738: authenticated users can conduct cross-site scripting
      attacks (XSS) using crafted HTML file uploads.
    - CVE-2013-5739: default Wordpress configuration doesn't prevent upload
      for .swf and .exe files, making it easier for authenticated users to
      conduct XSS attacks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---