wordpress: New critical security release available: 4.2.1 (CVE-2015-3440)

Debian Bug report logs - #783554

Reported by: Craig Small <csmall@debian.org>

Date: Mon, 27 Apr 2015 22:24:02 UTC

Severity: important

Tags: security

Found in versions wordpress/4.2+dfsg-1, wordpress/4.2

Fixed in versions wordpress/4.2.1+dfsg-1, wordpress/4.1+dfsg-1+deb8u1, wordpress/3.6.1+dfsg-1~deb7u6, wordpress/3.6.1+dfsg-1~deb6u6

Done: Mike Gabriel <sunweaver@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org:
Bug#783554; Package src:wordpress. (Mon, 27 Apr 2015 22:24:07 GMT)


Acknowledgement sent to Craig Small <csmall@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org. (Mon, 27 Apr 2015 22:24:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wordpress: New critical security release available: 4.2.1
Date: Tue, 28 Apr 2015 08:13:10 +1000
Source: wordpress
Version: 4.2
Severity: important
Tags: security

Another wordpress security update. Sid will need to move from
4.2 to 4.2.1

Jessie doesn't have the impacted function but I believe the
vulnerability is still there as there are no field length
boundaries.


-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



Reply sent to Craig Small <csmall@debian.org>:
You have taken responsibility. (Mon, 27 Apr 2015 23:27:09 GMT)


Notification sent to Craig Small <csmall@debian.org>:
Bug acknowledged by developer. (Mon, 27 Apr 2015 23:27:10 GMT)


Message #10 received at 783554-close@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 783554-close@bugs.debian.org
Subject: Bug#783554: fixed in wordpress 4.2.1+dfsg-1
Date: Mon, 27 Apr 2015 23:25:28 +0000
Source: wordpress
Source-Version: 4.2.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 783554@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csmall@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 28 Apr 2015 08:32:48 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.2.1+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 783554
Changes:
 wordpress (4.2.1+dfsg-1) unstable; urgency=high
 .
   * New Security release Closes: #783554
   * Patches another XSS due to field length




Added tag(s) pending. Request was from Craig Small <csmall@debian.org> to control@bugs.debian.org. (Mon, 27 Apr 2015 23:57:05 GMT)


Message sent on to Craig Small <csmall@debian.org>:
Bug#783554. (Mon, 27 Apr 2015 23:57:09 GMT)


Message #15 received at 783554-submitter@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 783554-submitter@bugs.debian.org
Subject: Bug#783554 marked as pending
Date: Mon, 27 Apr 2015 23:54:07 +0000
tag 783554 pending
thanks

Hello,

Bug #783554 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=5788ec3

---
commit 5788ec3dc1bab4f0ade614b1feaf37859d4ab6f9
Author: Craig Small <csmall@debian.org>
Date:   Tue Apr 28 08:34:58 2015 +1000

    4.2.1-1 release

diff --git a/debian/changelog b/debian/changelog
index 16726f0..e53586b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+wordpress (4.2+dfsg-2) unstable; urgency=high
+
+  * New Security release Closes: #783554
+  * Patches another XSS due to field length
+
+ -- Craig Small <csmall@debian.org>  Tue, 28 Apr 2015 08:32:48 +1000
+
 wordpress (4.2+dfsg-1) unstable; urgency=high
 
   * New upstream release
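
Review bot: The added stanza header `wordpress (4.2+dfsg-2)` does not match the commit subject "4.2.1-1 release": a -2 revision of 4.2+dfsg denotes a packaging-only change to the 4.2 upstream source, while the entry text says "New Security release". If this upload carries the 4.2.1 upstream source, the header should name that upstream version (the upload recorded earlier in this log is 4.2.1+dfsg-1), otherwise version-based vulnerability tracking will treat the package as still being 4.2.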



Message sent on to Craig Small <csmall@debian.org>:
Bug#783554. (Tue, 28 Apr 2015 12:18:08 GMT)


Message #18 received at 783554-submitter@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 783554-submitter@bugs.debian.org
Subject: Bug#783554 marked as pending
Date: Tue, 28 Apr 2015 12:14:12 +0000
tag 783554 pending
thanks

Hello,

Bug #783554 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=be336b4

---
commit be336b48e96f2c562cd2f0334593de3ea29b8231
Author: Craig Small <csmall@debian.org>
Date:   Tue Apr 28 22:10:40 2015 +1000

    fixed bug# typo

diff --git a/debian/changelog b/debian/changelog
index 22110d3..64cb938 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,7 +7,7 @@ wordpress (4.1+dfsg-1+deb8u1) jessie-security; urgency=high
     - Changeset 32174 multisite change extra checks
     - Changeset 32176 Dashboard escapes titles
     - Changeset 32234 More WPDB query sanity
-  * Backport of 4.2.1 for security fixes Closes: #783354
+  * Backport of 4.2.1 for security fixes Closes: #783554
     - Changeset 32307: XSS for long 64k+ comments
 
  -- Craig Small <csmall@debian.org>  Tue, 28 Apr 2015 21:41:54 +1000
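
Review bot: On the corrected line the bug reference runs on from the description as `security fixes Closes: #783554`; setting it off as `(Closes: #783554)` would make a wrong digit easier to see in review. The number matters because the archive closes whatever bugs the uploaded changelog names, so the earlier #783354 would have closed a different report and left this one open. The sub-item `Changeset 32307` could also carry the CVE identifier once assigned, as the squeeze-lts entry later in this log does.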



Changed Bug title to 'wordpress: New critical security release available: 4.2.1 (CVE-2015-3440)' from 'wordpress: New critical security release available: 4.2.1' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 28 Apr 2015 20:45:07 GMT)


Marked as found in versions wordpress/4.2+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 28 Apr 2015 20:45:08 GMT)


Message sent on to Craig Small <csmall@debian.org>:
Bug#783554. (Sat, 02 May 2015 04:15:21 GMT)


Message #25 received at 783554-submitter@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 783554-submitter@bugs.debian.org
Subject: Bug#783554 marked as pending
Date: Sat, 02 May 2015 04:11:33 +0000
tag 783554 pending
thanks

Hello,

Bug #783554 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=290cf3d

---
commit 290cf3df05eb43415aff560ec824dd6d5f319399
Author: Craig Small <csmall@debian.org>
Date:   Sat May 2 14:09:12 2015 +1000

    4.2.1 and 4.1.2 packages backported
    
    All the relevant changesets from wordpress 4.1.2 and
    4.2.1 backported for wheezy.
    
    Bugs: #783347

diff --git a/debian/changelog b/debian/changelog
index a0781c0..330a607 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+wordpress (3.6.1+dfsg-1~deb7u6) wheezy-security; urgency=medium
+
+  * Wordpress 4.2.1 and 4.1.2 security fixes
+  * Backports of 4.1.2 security fixes Closes: #783347
+    - Changeset 32163 sanity checks
+    - Changeset 32165 sanitize order by
+    - Changeset 32174 multisite change extra checks
+    - Changeset 32176 Dashboard escapes titles
+    - Changeset 32234 More WPDB query sanity
+  * Backport of 4.2.1 for security fixes Closes: #783554
+    - Changeset 32307: XSS for long 64k+ comments
+  * Changeset 32172 NOT applied as bug introduced later
+
+ -- Craig Small <csmall@debian.org>  Sat, 02 May 2015 14:04:44 +1000
+
 wordpress (3.6.1+dfsg-1~deb7u5) wheezy-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
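
Review bot: The new stanza header sets `urgency=medium` for a wheezy-security upload whose entries are all security backports, while the stanza directly below it uses `urgency=high`; the upload of this same version recorded later in this log has urgency=high, so the header here should be brought in line. The commit message also lists only "Bugs: #783347" although the stanza closes #783554 as well, and the line `Changeset 32172 NOT applied as bug introduced later` would be more useful to an auditor if it named the release that introduced the affected code.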



Reply sent to Craig Small <csmall@debian.org>:
You have taken responsibility. (Tue, 05 May 2015 19:51:34 GMT)


Notification sent to Craig Small <csmall@debian.org>:
Bug acknowledged by developer. (Tue, 05 May 2015 19:51:34 GMT)


Message #30 received at 783554-close@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 783554-close@bugs.debian.org
Subject: Bug#783554: fixed in wordpress 4.1+dfsg-1+deb8u1
Date: Tue, 05 May 2015 19:47:11 +0000
Source: wordpress
Source-Version: 4.1+dfsg-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 783554@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csmall@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 02 May 2015 12:59:53 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 783347 783554
Changes:
 wordpress (4.1+dfsg-1+deb8u1) jessie-security; urgency=high
 .
   * Backports of 4.1.2 security fixes Closes: #783347
     - Changeset 32163 sanity checks
     - Changeset 32165 sanitize order by
     - Changeset 32172 filename check
     - Changeset 32174 multisite change extra checks
     - Changeset 32176 Dashboard escapes titles
     - Changeset 32234 More WPDB query sanity
   * Backport of 4.2.1 for security fixes Closes: #783554
     - Changeset 32307: XSS for long 64k+ comments




Reply sent to Craig Small <csmall@debian.org>:
You have taken responsibility. (Tue, 05 May 2015 19:54:17 GMT)


Notification sent to Craig Small <csmall@debian.org>:
Bug acknowledged by developer. (Tue, 05 May 2015 19:54:17 GMT)


Message #35 received at 783554-close@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 783554-close@bugs.debian.org
Subject: Bug#783554: fixed in wordpress 3.6.1+dfsg-1~deb7u6
Date: Tue, 05 May 2015 19:50:51 +0000
Source: wordpress
Source-Version: 3.6.1+dfsg-1~deb7u6

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 783554@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csmall@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 02 May 2015 14:04:44 +1000
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb7u6
Distribution: wheezy-security
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 783347 783554
Changes:
 wordpress (3.6.1+dfsg-1~deb7u6) wheezy-security; urgency=high
 .
   * Wordpress 4.2.1 and 4.1.2 security fixes
   * Backports of 4.1.2 security fixes Closes: #783347
     - Changeset 32163 sanity checks
     - Changeset 32165 sanitize order by
     - Changeset 32174 multisite change extra checks
     - Changeset 32176 Dashboard escapes titles
     - Changeset 32234 More WPDB query sanity
   * Backport of 4.2.1 for security fixes Closes: #783554
     - Changeset 32307: XSS for long 64k+ comments
   * Changeset 32172 NOT applied as bug introduced later




Reply sent to Mike Gabriel <sunweaver@debian.org>:
You have taken responsibility. (Mon, 01 Jun 2015 11:57:07 GMT)


Notification sent to Craig Small <csmall@debian.org>:
Bug acknowledged by developer. (Mon, 01 Jun 2015 11:57:08 GMT)


Message #40 received at 783554-close@bugs.debian.org:

From: Mike Gabriel <sunweaver@debian.org>
To: 783554-close@bugs.debian.org
Subject: Bug#783554: fixed in wordpress 3.6.1+dfsg-1~deb6u6
Date: Mon, 01 Jun 2015 11:53:09 +0000
Source: wordpress
Source-Version: 3.6.1+dfsg-1~deb6u6

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 783554@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 01 Jun 2015 13:07:25 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb6u6
Distribution: squeeze-lts
Urgency: medium
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 770425 783347 783554
Changes:
 wordpress (3.6.1+dfsg-1~deb6u6) squeeze-lts; urgency=medium
 .
   [ Mike Gabriel ]
   * Non-maintainer upload by the Squeeze LTS Team.
     + Backport patch set from wordpress in Debian wheezy
       (3.6.1+dfsg-1~deb7u5 and 3.6.1+dfsg-1~deb7u6).
     + For details, see below.
 .
   [ Craig Small ]
   * From 3.6.1+dfsg-1~deb7u6...
   * Backports of 4.1.2 security fixes (CVE-2015-3438, CVE-2015-3439).
     (Closes: #783347).
     - Changeset 32163 sanity checks
     - Changeset 32165 sanitize order by
     - Changeset 32174 multisite change extra checks
     - Changeset 32176 Dashboard escapes titles
     - Changeset 32234 More WPDB query sanity
   * Backport of 4.2.1 for security fixes Closes: #783554
     - Changeset 32307: XSS for long 64k+ comments (CVE-2015-3440).
   * Changeset 32172 NOT applied as bug introduced later.
 .
   * From 3.6.1+dfsg-1~deb7u5...
   * Backport patches for 3.7.4->3.7.5 (Closes: #770425).
     - CVE-2014-9031 XSS in wptexturize() via comments or posts
     - CVE-2014-9033 CSRF in the password reset process
     - CVE-2014-9034 Denial of service for giant passwords
     - CVE-2014-9035 XSS in Press This
     - CVE-2014-9036 XSS in HTML filtering of CSS in posts
     - CVE-2014-9037 Hash comparison vulnerability in old passwords
     - CVE-2014-9038 SSRF: Safe HTTP requests did not sufficiently block
       the loopback IP address space
     - CVE-2014-9039 Email address change didn't invalidate previously sent
       password reset




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 24 Jul 2015 07:38:14 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:06:22 2019; Machine Name: buxtehude