Your message dated Tue, 11 Aug 2015 21:47:23 +0000 with message-id <e1zphof-0003l8...@franck.debian.org> and subject line Bug#794560: fixed in wordpress 4.1+dfsg-1+deb8u4 has caused the Debian Bug report #794560, regarding wordpress: CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734: 4.2.3 and earlier multiple vulnerabilities to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 794560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message --------BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package: wordpress Version: 4.2.3+dfsg-1 Severity: grave Tags: security, fixed-upstream This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandà of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset. For more information please see: https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ http://openwall.com/lists/oss-security/2015/08/04/5 - -- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJVwLJNAAoJECet96ROqnV08QwQAMJvwXTWaHZssqXCPTo77H1R vXHSu865JrpSjZkBruXA3yJzqefL8u1bCtxAMn1xIMYKCoweHvQyhce1ipBLM5NG CT9XGZUUPrvjAkiwNSkWnwm475ixH8AdsZvUXqQY5Yb2QcA/KBAPjMfu5IS12FTM PN3fg3OKOYgJlaVAzai/He1IMakzPyH9l+7NCa8lr1upJIJ1v5xyMzfTzyZ9hZnW dcpWFcP5/MjvkTGtqyDtc0s/Q5qHJPQEYYGvQTrGo9yo567t6xzjuVSHwWUhnlTT C41RV0VbjpPefhFcuR51wt0mMy77TB+DJh8lMl5XH5zQCE4/YjCPZ356I1EnKJ7g /2Xj0JbovF0b+eK+Xr+7VW8j8npf9gx2QALiQnFXS8EuaE4Aap2xxpDHLlqJiSl2 xK/+u67EnkkO1KRpztMNcSyUxEulQQZnEMD151Sg+8SanbfF5H4cHzea5zf8keTm EtPQ+48loWFe1N1c11xPgKLYU5SqOz5puwKqkzftD4mhnYarUrlulPy+enMVrM0o kMCnIyJWwo90pu3PGs4eT4XLsoxeyZMBJMjo2F6g4+eywl1/Hcw/qKMWi2Cau9IY GYm1KAZXl+X57heGyYj2nmZLidx3D8lX1ypGUtSXkIZ3EU5lZ2ZpGSPxONoYptkg 8HjdESDayI1Z6aHajdj7 =5NXI -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Source: wordpress Source-Version: 4.1+dfsg-1+deb8u4 We believe that the bug you reported is fixed in the latest version of wordpress, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 794...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Craig Small <csm...@debian.org> (supplier of updated wordpress package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 05 Aug 2015 22:44:20 +1000 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen Architecture: source all Version: 4.1+dfsg-1+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Craig Small <csm...@debian.org> Changed-By: Craig Small <csm...@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files Closes: 794548 794560 Changes: wordpress (4.1+dfsg-1+deb8u4) jessie-security; urgency=high . * Rework changeset 33359 reliable shortcodes CVE-2015-5622 Closes: #794548 * Backports of 4.2.4 security fixes Closes: #794560 * Changeset 33555 SQL Injection CVE-2015-2213 * Changeset 33535 fixes timing attack CVE-2015-4730 * Changeset 33542 prevent posts lock attack CVE-2015-5731 * Changeset 33529 XSS widget title CVE-2015-5732 * CVE-2015-5733: Not vulnerable CS32176 fixes this * Changeset 33549 theme preview XSS CVE-2015-5734 Checksums-Sha1: f79d291d8ea25cd90919437fb9d1fecebc9768e4 2533 wordpress_4.1+dfsg-1+deb8u4.dsc bfdb4cc4aa0eae23804b1a8ee71f792c997d3d97 6115692 wordpress_4.1+dfsg-1+deb8u4.debian.tar.xz 4da3b3fcd173abcc09be8bffdc25f39cdc3f0c09 3169256 wordpress_4.1+dfsg-1+deb8u4_all.deb 07de63d883a9bbd8e503ca1fa4ec43b7e3e31a7f 4238128 wordpress-l10n_4.1+dfsg-1+deb8u4_all.deb 86fdf39805e883e07ea416ca00cffbb5f629f7ed 501258 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u4_all.deb 4498803c95deeac8a4662f3f434419722523e3da 800496 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u4_all.deb f229a6408dcdfc1809e7da6cf3f9ea920b887c64 320176 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u4_all.deb Checksums-Sha256: 590770aac3643a3c70d6760dea42a6f1660596b20ed4644565a00572d008d0cf 2533 wordpress_4.1+dfsg-1+deb8u4.dsc 402c78945d133e2ef70997bcea91ca4cca35c7205136d912a2bf991031208549 6115692 wordpress_4.1+dfsg-1+deb8u4.debian.tar.xz 919855f09b3939be8579f6ea1c0480fd67fddcff916ed94317584013942f7e2f 3169256 wordpress_4.1+dfsg-1+deb8u4_all.deb cb644fde09ae496095980675d12224c1333bdc6e18b68099439fb42951470469 4238128 wordpress-l10n_4.1+dfsg-1+deb8u4_all.deb a010c3ce64fd0255967a37afd2d02a43a028cd42ec9ce5d69c57e063a36916b0 501258 wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u4_all.deb 2078722937f448efabe2755606ce3d337fa129f308b0fd99f42eab5c7c6adc2f 800496 wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u4_all.deb 8dc189d0d2ac605b7e758836a7d78327a2b2e48c24aae520e0cc0d30062a9b77 320176 wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u4_all.deb Files: 577746706fa21996e2f64ec47f3620f0 2533 web optional wordpress_4.1+dfsg-1+deb8u4.dsc c17f0ebbdeab000ac072f8e9d2f726bc 6115692 web optional wordpress_4.1+dfsg-1+deb8u4.debian.tar.xz 685383657bfab41737b032b350e22d98 3169256 web optional wordpress_4.1+dfsg-1+deb8u4_all.deb 407c02c26d6a7bd2d9c96a09465cdaed 4238128 localization optional wordpress-l10n_4.1+dfsg-1+deb8u4_all.deb 5537c91245c51ed0f2653a5f396d5cf4 501258 web optional wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u4_all.deb df1b7a1f1b49a6f1963a5ae6c39c7915 800496 web optional wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u4_all.deb 2b6800b84f2c25b53df56f80c605f67e 320176 web optional wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVycsYAAoJEDk4+WvfUP6lEU8QAICteXJSBqZOrZtZE9JSn5T6 nN3LpWJJ7y8VudjblT1iDFNyMp0Gm9gtmf2VbFb8+q0Oh+RoYAvW5JdxezEzdGhL A7k1eBO16fEXSA4mv6JOWyRjWoVigfvlk2X/q4Q9iA5XC7Rt1kCv5gdFUsSqD9Dr Di68T+usZZA0O/TLa/PqYBoXIXKzXN7kma/udnf8hrVQpPuZK1Wq0J4ArkAHLQ17 RsiM24luhAzKgesifVwXEHBdSjlBB6vsxYiAoj8VbywZOMDyFlWeIv1OqJoMw3mE IATjDNOKzjAbSFtlY22vv4hX3fLMQI5HdgoTtxpPEicJqSZzbeXfMDGjvBTbmMuT kgqDFMsMNBfrdjQIhZRyHcIZKJRHDPxM/WddbwDq9vaKDxmuztAa4lmQgyGj24ps VJI8dQtSrfo1Ijcp0CCMPds68JIc+ApUQCxGO7s5GFisSDC6i2ftttKOi7+D1yv6 YGJ4nSnlynuTmaZOe1pYnj+D8/hRxFz+RjyoW8YOtxwK14/Vw3keA25mA/po5KeD ajD2h8vDAF04vBUhRoG36Tv3pgHa56NdbxflAS8DXoPlHVHwqwTkZTl8ZcyvR70M 6RE4wz279vZV/bq1JfZmbaCxJt+4uHahfRGNjyevGYQ3GJ+ucZ95NiHXhRKhG+fo 4vXruUoRZMQ24Ap0ahA4 =omlP -----END PGP SIGNATURE-----
--- End Message ---
