Your message dated Mon, 08 Dec 2014 15:33:51 +0000 with message-id <e1xy0jr-0006uy...@franck.debian.org> and subject line Bug#770425: fixed in wordpress 3.6.1+dfsg-1~deb7u5 has caused the Debian Bug report #770425, regarding wordpress: CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 (issues fixed in 4.0.1 security release) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 770425: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: wordpress Version: 3.6.1+dfsg-1~deb7u4 Severity: important Dear Maintainer, I'm setting the priority to important as it is mentioned as critical update. Please feel free to change it, and sorry in advance if I set it wrong :) The original wordpress announce is here: https://wordpress.org/news/2014/11/wordpress-4-0-1/ and I can confirm that this affects current debian stable version, following the steps here[1]. Also, doing the mentioned change here[1] **that** test-case doesn't work anymore. Although upstream fixes are, of course, recommended. Please consider upgrading soon and let me know if I can help you to test something. Thanks a lot, Rodrigo [1]: http://klikki.fi/unquote/
--- End Message ---
--- Begin Message ---Source: wordpress Source-Version: 3.6.1+dfsg-1~deb7u5 We believe that the bug you reported is fixed in the latest version of wordpress, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 770...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Craig Small <csm...@debian.org> (supplier of updated wordpress package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 03 Dec 2014 17:49:41 +1100 Source: wordpress Binary: wordpress wordpress-l10n Architecture: source all Version: 3.6.1+dfsg-1~deb7u5 Distribution: wheezy-security Urgency: high Maintainer: Giuseppe Iuculano <iucul...@debian.org> Changed-By: Craig Small <csm...@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files Closes: 770425 Changes: wordpress (3.6.1+dfsg-1~deb7u5) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Backport patches for 3.7.4->3.7.5 Closes: #770425 * The patches fix the following security bugs: - CVE-2014-9031 XSS in wptexturize() via comments or posts - CVE-2014-9033 CSRF in the password reset process - CVE-2014-9034 Denial of service for giant passwords - CVE-2014-9035 XSS in Press This - CVE-2014-9036 XSS in HTML filtering of CSS in posts - CVE-2014-9037 Hash comparison vulnerability in old passwords - CVE-2014-9038 SSRF: Safe HTTP requests did not sufficiently block the loopback IP address space - CVE-2014-9039 Email address change didn't invalidate previously sent password reset Checksums-Sha1: c20253a8fb57bbb7ee21b02e45a56f4b72df6845 2319 wordpress_3.6.1+dfsg-1~deb7u5.dsc e7d8a19929661cede1cc16952b4c837f0cc66af6 5248764 wordpress_3.6.1+dfsg-1~deb7u5.debian.tar.xz f74318f890320346775b3cb11a907ccd3a3c9046 3963774 wordpress_3.6.1+dfsg-1~deb7u5_all.deb b95f473d2c20d20d21413733bd1215d06297fc7d 8871382 wordpress-l10n_3.6.1+dfsg-1~deb7u5_all.deb Checksums-Sha256: ca1357404b89b5e5d9062d658bce22b1d86d1c385c8f0ab8318435ad8abe1545 2319 wordpress_3.6.1+dfsg-1~deb7u5.dsc 4ffaeaf4766edd68478f8a9e2d6aa5182a6265b1c79ff27525651b01083503a0 5248764 wordpress_3.6.1+dfsg-1~deb7u5.debian.tar.xz ee286acae3ee7280507b23bd6d9218b61023ede2349ccc9a865624b3cffb77d4 3963774 wordpress_3.6.1+dfsg-1~deb7u5_all.deb 623cd45b8c1c20976cf84397cdc376babc7570b94b5bfc3542cc918cd03bebb6 8871382 wordpress-l10n_3.6.1+dfsg-1~deb7u5_all.deb Files: afa4c48ad2294d72638ca3fabd3451bd 2319 web optional wordpress_3.6.1+dfsg-1~deb7u5.dsc 216db17b0d13b2c82243c79726bc2a9b 5248764 web optional wordpress_3.6.1+dfsg-1~deb7u5.debian.tar.xz cc1201f346a9a2d39f2b60cf498df130 3963774 web optional wordpress_3.6.1+dfsg-1~deb7u5_all.deb 518c9bc812ce553515c4203421fbc85c 8871382 localization optional wordpress-l10n_3.6.1+dfsg-1~deb7u5_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUfrOLAAoJEDk4+WvfUP6ld6sP/RfDjF8LwaXJCPIUxtFV4XxM 6JUspwrpSGFklbkHbSd9qFEKb/9FK1pcSX5Ptvv/R6kAZTB6J9eLdwxR596xBdAy DqCwX9X1Chb30ricjh6AOvfloDyY0y0MCkuZUAvm3aptzfST9vhOZ4W+b5ysWBqX VbiZwi0aoMDJIkpSane9ItGwILt6469ZKXXZp2zXk/riDGZnepAmXC3DMbBSSzOa aHI0u4BfgFUBoHB+Ne7P3CVp3JFp1BdhQ9upDZ/HPY0QWL8NSlibaQv3qyjkkovj G6yc3g2I6W6b2H+PFj7HMOvgN3n/CgKtoLgUT6uU6XkwpP2LzmGfrJaNWYoiL3OK syhSLFAgsijaaXiEZpYr1DMumcS0mOgYI0FVF64r8I66LasBVAglQeRz65GsL/fs bC3LuTZPbT/qzsLJeECqNK9bplY+vyUF33jaybNKvb4BAixQfHqXgyJVSD4fP2Y6 DS2WTcLq4N6wAB4cUuxXrQoXyDBX67ZC9JY1sKOAW7WOOm5+6Ud5+eal/Wi4f0lj 7a0RoqmFkwE3gujBqcOwdtu1zQsIbliOVi0alcLlMTnbdWqtdHgmonNKGYg7UQVn S9j4+qxcZYncwhHncRVosdcvNv1zLVEgPRcegNH06dpQtWCZZ6rN92aDhFYx6SXR nwVI5EqIQyaFgh4GZd94 =O05/ -----END PGP SIGNATURE-----
--- End Message ---
