wordpress: Several security vulnerabilities fixed in 3.4.1 CVE-2012-3383, CVE-2012-3384, CVE-2012-3385

Related Vulnerabilities: CVE-2012-3383   CVE-2012-3384   CVE-2012-3385  

Debian Bug report logs - #680721


Reported by: Henri Salo <henri@nerv.fi>

Date: Sun, 8 Jul 2012 08:09:09 UTC

Severity: important

Tags: security

Found in versions wordpress/3.3.2+dfsg-1, 3.3.2+dfsg-1~squeeze1

Fixed in version wordpress/3.4.1+dfsg-1

Done: Raphael Hertzog <hertzog@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Giuseppe Iuculano <iuculano@debian.org>:
Bug#680721; Package wordpress. (Sun, 08 Jul 2012 08:09:12 GMT) (full text, mbox, link).


Acknowledgement sent to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Giuseppe Iuculano <iuculano@debian.org>. (Sun, 08 Jul 2012 08:09:12 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Henri Salo <henri@nerv.fi>
To: submit@bugs.debian.org
Subject: wordpress: Several security vulnerabilities fixed in 3.4.1 CVE-2012-3383, CVE-2012-3384, CVE-2012-3385
Date: Sun, 8 Jul 2012 11:04:45 +0300

Package: wordpress
Version: 3.3.2+dfsg-1~squeeze1
Severity: important
Tags: security

Several security vulnerabilities have been fixed in WordPress version 3.4.1 [1]. CVE-identifiers assigned in oss-security mailing list [2][3]. These issues should be patched as soon as possible. Please ask in case you need my help.

1: http://codex.wordpress.org/Version_3.4.1
2: http://www.openwall.com/lists/oss-security/2012/07/02/1
3: http://www.openwall.com/lists/oss-security/2012/07/08/1

- Henri Salo




Information forwarded to debian-bugs-dist@lists.debian.org, Giuseppe Iuculano <iuculano@debian.org>:
Bug#680721; Package wordpress. (Sun, 08 Jul 2012 19:54:03 GMT) (full text, mbox, link).


Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Giuseppe Iuculano <iuculano@debian.org>. (Sun, 08 Jul 2012 19:54:03 GMT) (full text, mbox, link).


Message #10 received at 680721@bugs.debian.org (full text, mbox, reply):

From: Raphael Hertzog <hertzog@debian.org>
To: Henri Salo <henri@nerv.fi>, 680721@bugs.debian.org
Subject: Re: Bug#680721: wordpress: Several security vulnerabilities fixed in 3.4.1 CVE-2012-3383, CVE-2012-3384, CVE-2012-3385
Date: Sun, 8 Jul 2012 21:49:57 +0200

Hello,

On Sun, 08 Jul 2012, Henri Salo wrote:
> Package: wordpress
> Version: 3.3.2+dfsg-1~squeeze1
> Severity: important
> Tags: security
> 
> Several security vulnerabilities have been fixed in WordPress version
> 3.4.1 [1]. CVE-identifiers assigned in oss-security mailing list [2][3].
> These issues should be patched as soon as possible. Please ask in case
> you need my help.

Yes, I'll gladly accept help.

Are you able to extract and backport the relevant patches?

If yes, we definitely want you as co-maintainer. :-)

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/




Marked as fixed in versions wordpress/3.4.1+dfsg-1. Request was from Raphaël Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Sun, 08 Jul 2012 19:54:06 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Giuseppe Iuculano <iuculano@debian.org>:
Bug#680721; Package wordpress. (Mon, 09 Jul 2012 04:09:06 GMT) (full text, mbox, link).


Acknowledgement sent to Hor Jiun Shyong <jiunshyong@gmail.com>:
Extra info received and forwarded to list. Copy sent to Giuseppe Iuculano <iuculano@debian.org>. (Mon, 09 Jul 2012 04:09:07 GMT) (full text, mbox, link).


Message #17 received at 680721@bugs.debian.org (full text, mbox, reply):

From: Hor Jiun Shyong <jiunshyong@gmail.com>
To: Raphael Hertzog <hertzog@debian.org>, 680721@bugs.debian.org
Cc: Henri Salo <henri@nerv.fi>
Subject: Re: Bug#680721: wordpress: Several security vulnerabilities fixed in 3.4.1 CVE-2012-3383, CVE-2012-3384, CVE-2012-3385
Date: Mon, 09 Jul 2012 12:01:20 +0800

Hi,

I would like to offer my help for the wordpress package too. Thanks.

-
Regards,
Hor Jiun Shyong 何俊雄

Blog: jiunshyong.dyndns.org
twitter.com/jiunshyong
facebook.com/jiunshyong

I'm an FSF member -- Help us support software freedom! http://www.fsf.org/jf?referrer=2442

Knowing is not enough, we must apply. Willing is not enough, we must do - Bruce Lee.




On 07/09/2012 03:49 AM, Raphael Hertzog wrote:
> Hello,
>
> On Sun, 08 Jul 2012, Henri Salo wrote:
>> Package: wordpress
>> Version: 3.3.2+dfsg-1~squeeze1
>> Severity: important
>> Tags: security
>>
>> Several security vulnerabilities have been fixed in WordPress version
>> 3.4.1 [1]. CVE-identifiers assigned in oss-security mailing list [2][3].
>> These issues should be patched as soon as possible. Please ask in case
>> you need my help.
> Yes, I'll gladly accept help.
>
> Are you able to extract and backport the relevant patches?
>
> If yes, we definitely want you as co-maintainer. :-)
>
> Cheers,


-





Information forwarded to debian-bugs-dist@lists.debian.org, Giuseppe Iuculano <iuculano@debian.org>:
Bug#680721; Package wordpress. (Mon, 09 Jul 2012 06:09:04 GMT) (full text, mbox, link).


Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Giuseppe Iuculano <iuculano@debian.org>. (Mon, 09 Jul 2012 06:09:04 GMT) (full text, mbox, link).


Message #22 received at 680721@bugs.debian.org (full text, mbox, reply):

From: Raphael Hertzog <hertzog@debian.org>
To: Henri Salo <henri@nerv.fi>, Hor Jiun Shyong <jiunshyong@gmail.com>
Cc: 680721@bugs.debian.org
Subject: Re: Bug#680721: wordpress: Several security vulnerabilities fixed in 3.4.1 CVE-2012-3383, CVE-2012-3384, CVE-2012-3385
Date: Mon, 9 Jul 2012 08:06:26 +0200

Hi,

On Sun, 08 Jul 2012, Henri Salo wrote:
> On Sun, Jul 08, 2012 at 09:49:57PM +0200, Raphael Hertzog wrote:
> > Are you able to extract and backport the relevant patches?
> 
> I haven't done this before. What does this exactly mean? I am not a Debian developer yet.

What kind of help had you in mind?

In any case, the above text means:
1/ finding out the upstream commit that fixes the security issue
2/ trying to apply it to the version that we have in Debian stable
3/ adapting it if required (because the code evolved between
3.3.2 and 3.4.1 and the patch might not apply any more)

There's no need to be a Debian developer to do this. Submitting patches by
mail here is perfectly OK.

Going further, if you help on a regular basis, I can get you added to the
Alioth project so that you can commit your work directly.

On Mon, 09 Jul 2012, Hor Jiun Shyong wrote:
> I would like to offer my help for the wordpress package too. Thanks.

Great!

Do you need direction to get started or do you already know how you can
help?

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
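
The three steps listed in the message above (find the upstream fix, try it on the stable version, adapt it if it no longer applies), as an added shell example that is not part of the thread and is not WordPress or Debian code. It assumes `git` is installed; the repository, file names, tags, commit subjects and the escaping change itself are constructed for illustration and do not describe the actual CVE fixes.

```shell
#!/bin/sh
# Added example. The repository, file names, tags and commit subjects are
# constructed for illustration; they are not WordPress code or commits.
set -eu

g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }

# Toy upstream history: old release, a refactor, then two security fixes.
build_upstream() {
    git init -q .
    printf '%s\n' '<?php' 'function show($t) {' '  echo $t;' '}' > page.php
    printf '%s\n' '<?php' 'function label($n) {' '  echo $n;' '}' > widget.php
    g add .; g commit -qm 'old release'; g tag old-release
    printf '%s\n' '<?php' 'function show($title) {' '  $title = trim($title);' \
        '  echo $title;' '}' > page.php
    g commit -qam 'refactor show()'
    sed 's/echo \$title;/echo htmlspecialchars($title);/' page.php > p && mv p page.php
    g commit -qam 'security: escape title in show()'
    sed 's/echo \$n;/echo htmlspecialchars($n);/' widget.php > w && mv w widget.php
    g commit -qam 'security: escape name in label()'
    g tag new-release
}

# Step 1: find the upstream commits that fix the issues (here: by subject).
find_fixes() { git log --reverse --format=%H --grep='^security:' old-release..new-release; }

# Step 2: does the upstream diff apply unchanged to the stable tree?
applies_cleanly() { git diff "$1~1" "$1" | git apply --check 2>/dev/null; }

# Prints "clean <subject>" or "adapt <subject>" per fix; step 3 (adapting by
# hand) is needed for every "adapt" line. Runs in a subshell so cd stays local.
backport_report() (
    repo=$(mktemp -d); cd "$repo"
    build_upstream
    git checkout -q -b stable old-release
    for c in $(find_fixes); do
        subject=$(git log -1 --format=%s "$c")
        if applies_cleanly "$c"; then
            git diff "$c~1" "$c" | git apply --index
            g commit -qm "backport: $subject"
            echo "clean $subject"
        else
            echo "adapt $subject"
        fi
    done
    cd /; rm -rf "$repo"
)

backport_report
```

The fix to `show()` is reported as `adapt` because the refactor between the two releases changed the lines the patch expects, which is the situation step 3 describes.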




Information forwarded to debian-bugs-dist@lists.debian.org, Giuseppe Iuculano <iuculano@debian.org>:
Bug#680721; Package wordpress. (Mon, 09 Jul 2012 07:57:26 GMT) (full text, mbox, link).


Acknowledgement sent to Hor Jiun Shyong <jiunshyong@gmail.com>:
Extra info received and forwarded to list. Copy sent to Giuseppe Iuculano <iuculano@debian.org>. (Mon, 09 Jul 2012 07:57:26 GMT) (full text, mbox, link).


Message #27 received at 680721@bugs.debian.org (full text, mbox, reply):

From: Hor Jiun Shyong <jiunshyong@gmail.com>
To: Raphael Hertzog <hertzog@debian.org>
Cc: Henri Salo <henri@nerv.fi>, 680721@bugs.debian.org
Subject: Re: Bug#680721: wordpress: Several security vulnerabilities fixed in 3.4.1 CVE-2012-3383, CVE-2012-3384, CVE-2012-3385
Date: Tue, 10 Jul 2012 15:30:15 +0800

On 07/09/2012 02:06 PM, Raphael Hertzog wrote:
> Great!
>
> Do you need direction to get started or do you already know how you can
> help?
>
> Cheers,

Yes, I would need direction on how to get started. Thanks.


Regards,
Hor Jiun Shyong 何俊雄

Blog: jiunshyong.dyndns.org
twitter.com/jiunshyong
facebook.com/jiunshyong

I'm an FSF member -- Help us support software freedom! http://www.fsf.org/jf?referrer=2442

Knowing is not enough, we must apply. Willing is not enough, we must
do - Bruce Lee.







Information forwarded to debian-bugs-dist@lists.debian.org, Giuseppe Iuculano <iuculano@debian.org>:
Bug#680721; Package wordpress. (Tue, 10 Jul 2012 07:12:03 GMT) (full text, mbox, link).


Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Giuseppe Iuculano <iuculano@debian.org>. (Tue, 10 Jul 2012 07:12:03 GMT) (full text, mbox, link).


Message #32 received at 680721@bugs.debian.org (full text, mbox, reply):

From: Raphael Hertzog <hertzog@debian.org>
To: 680721@bugs.debian.org
Cc: Henri Salo <henri@nerv.fi>
Subject: Re: Bug#680721: wordpress: Several security vulnerabilities fixed in 3.4.1 CVE-2012-3383, CVE-2012-3384, CVE-2012-3385
Date: Tue, 10 Jul 2012 09:08:23 +0200

On Tue, 10 Jul 2012, Hor Jiun Shyong wrote:
> 
> On 07/09/2012 02:06 PM, Raphael Hertzog wrote:
> >Great!
> >
> >Do you need direction to get started or do you already know how you can
> >help?
> >
> >Cheers,
> 
> Yes, I would need direction on how to get started. Thanks.

FTR, I had another mail of Hor where I suggested those activities:

There are many ways to help:
- bug triage and forwarding bugs upstream
- submitting upstream some of the patches in debian/patches/
  which haven't been submitted yet
- trying to backport security fixes to the version in stable
- developing a tool to automatically package wordpress plugins
  and themes

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/




Marked as found in versions wordpress/3.3.2+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 29 Dec 2012 11:03:07 GMT) (full text, mbox, link).


Reply sent to Raphael Hertzog <hertzog@debian.org>:
You have taken responsibility. (Tue, 26 Feb 2013 14:51:07 GMT) (full text, mbox, link).


Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Tue, 26 Feb 2013 14:51:07 GMT) (full text, mbox, link).


Message #39 received at 680721-done@bugs.debian.org (full text, mbox, reply):

From: Raphael Hertzog <hertzog@debian.org>
To: 680721-done@bugs.debian.org
Subject: Fixed in newer upstream release
Date: Tue, 26 Feb 2013 15:47:03 +0100
Versions: 3.4.1+dfsg-1

Hello,

this has been fixed in version 3.4.1 upstream. Closing properly with
version tracking.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Mar 2013 07:26:15 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:04:57 2019; Machine Name: buxtehude
