Your message dated Sat, 22 Nov 2014 09:20:11 +0000
with message-id <e1xs6rt-0006ox...@franck.debian.org>
and subject line Bug#770425: fixed in wordpress 4.0.1+dfsg-1
has caused the Debian Bug report #770425,
regarding wordpress: 4.0.1 security release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
770425: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wordpress
Version: 3.6.1+dfsg-1
Severity: grave
Tags: security upstream fixed-upstream

Hi

Setting this as severity grave as it is mentioned as critical update.
See https://wordpress.org/news/2014/11/wordpress-4-0-1/ for details.
There are no CVEs assigned yet for these issues.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 4.0.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 770...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csm...@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 22 Nov 2014 19:29:37 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfourteen
 wordpress-theme-twentythirteen wordpress-theme-twentytwelve
Architecture: source all
Version: 4.0.1+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Craig Small <csm...@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
 wordpress-theme-twentytwelve - weblog manager - twentyttwelve theme files
Closes: 770425
Changes:
 wordpress (4.0.1+dfsg-1) unstable; urgency=high
 .
   * New upstream release
   * Fixes several security bugs Closes: #770425
     - Three cross-site scripting issues that a contributor or
       author could use to compromise a site.
     - A cross-site request forgery that could be used to trick a
       user into changing their password.
     - An issue that could lead to a denial of service when
       passwords are checked.
     - Additional protections for server-side request forgery
       attacks when WordPress makes HTTP requests.
     - An extremely unlikely hash collision could allow a user’s
       account to be compromised, that also required that they
       haven’t logged in since 2008.
     - WordPress now invalidates the links in a password reset email
       if the user remembers their password, logs in, and changes
       their email address.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---