wordpress: CVE-2016-1564: Cross site scripting vulnerability

Related Vulnerabilities: CVE-2016-1564  

Debian Bug report logs - #810325
Reported by: Craig Small <csmall@debian.org>

Date: Fri, 8 Jan 2016 10:48:12 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in versions wordpress/3.6.1+dfsg-1, wordpress/4.4, wordpress/4.4+dfsg-1

Fixed in versions wordpress/4.4.1+dfsg-1, wordpress/4.1+dfsg-1+deb8u7, wordpress/3.6.1+dfsg-1~deb7u9

Done: Craig Small <csmall@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org:
Bug#810325; Package src:wordpress. (Fri, 08 Jan 2016 10:48:16 GMT).


Acknowledgement sent to Craig Small <csmall@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org. (Fri, 08 Jan 2016 10:48:17 GMT).


Message #5 received at submit@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wordpress: Cross site scripting vulnerability
Date: Fri, 08 Jan 2016 21:46:46 +1100
Source: wordpress
Version: 4.4
Severity: important
Tags: security upstream

Wordpress 4.4.1 is out with the following message[1]

WordPress 4.4.1 is now available. This is a security release for all
previous versions and we strongly encourage you to update your sites
immediately.

WordPress versions 4.4 and earlier are affected by a cross-site
scripting vulnerability that could allow a site to be compromised. This
was reported by Crtc4L.

sid will be easy as it's an upgrade to 4.4.1. I'm having trouble figuring
out what changeset is the relevant one. Without that, I cannot pass
the one changeset out of the 40 or 50 down to the other dists.


 - Craig
1: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



Reply sent to Craig Small <csmall@debian.org>:
You have taken responsibility. (Fri, 08 Jan 2016 11:39:06 GMT).


Notification sent to Craig Small <csmall@debian.org>:
Bug acknowledged by developer. (Fri, 08 Jan 2016 11:39:06 GMT).


Message #10 received at 810325-close@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 810325-close@bugs.debian.org
Subject: Bug#810325: fixed in wordpress 4.4.1+dfsg-1
Date: Fri, 08 Jan 2016 11:35:44 +0000
Source: wordpress
Source-Version: 4.4.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 810325@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csmall@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 08 Jan 2016 22:05:11 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen
Architecture: source all
Version: 4.4.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 810325
Changes:
 wordpress (4.4.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream release
   * Fixes XSS vulnerability Closes: #810325




Marked as found in versions wordpress/4.4+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 08 Jan 2016 11:48:17 GMT).


Added tag(s) fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 08 Jan 2016 11:48:20 GMT).


Marked as found in versions wordpress/3.6.1+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 08 Jan 2016 14:21:17 GMT).


Changed Bug title to 'wordpress: CVE-2016-1564: Cross site scripting vulnerability' from 'wordpress: Cross site scripting vulnerability' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 08 Jan 2016 15:48:05 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#810325; Package src:wordpress. (Fri, 08 Jan 2016 15:51:58 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Fri, 08 Jan 2016 15:51:58 GMT).


Message #23 received at 810325@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Craig Small <csmall@debian.org>, 810325@bugs.debian.org
Subject: Re: Bug#810325: wordpress: Cross site scripting vulnerability
Date: Fri, 8 Jan 2016 16:47:52 +0100

Hi,

On Fri, Jan 08, 2016 at 09:46:46PM +1100, Craig Small wrote:
> Source: wordpress
> Version: 4.4
> Severity: important
> Tags: security upstream
> 
> Wordpress 4.4.1 is out with the following message[1]
> 
> WordPress 4.4.1 is now available. This is a security release for all
> previous versions and we strongly encourage you to update your sites
> immediately.
> 
> WordPress versions 4.4 and earlier are affected by a cross-site
> scripting vulnerability that could allow a site to be compromised. This
> was reported by Crtc4L.
> 
> sid will be easy as it's an upgrade to 4.4.1. I'm having trouble figuring
> out what changeset is the relevant one. Without that, I cannot pass
> the one changeset out of the 40 or 50 down to the other dists.

CVE-2016-1564 has been assigned for this issue. The relevant change should
be https://core.trac.wordpress.org/changeset/36185 .

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#810325; Package src:wordpress. (Fri, 08 Jan 2016 18:18:07 GMT).


Acknowledgement sent to Rodrigo Campos <rodrigo@sdfg.com.ar>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Fri, 08 Jan 2016 18:18:07 GMT).


Message #28 received at 810325@bugs.debian.org:

From: Rodrigo Campos <rodrigo@sdfg.com.ar>
To: Craig Small <csmall@debian.org>, 810325@bugs.debian.org
Cc: Salvatore Bonaccorso <carnil@debian.org>
Subject: Wordpress backported patches
Date: Fri, 8 Jan 2016 15:15:45 -0300

Or, if you prefer, you can see the changes backported to 4.1 directly by
wordpress (they released 4.1.9 that you can use as base for debian stable).

Also, if you want to see the patches in git, you can see:

	https://github.com/WordPress/WordPress/commits/4.1-branch

The relevant patch that Salvatore points out is backported there (in fact,
there are only 3 patches in this new 4.1.x release).

So, if the patch does not apply cleanly, as long as wordpress maintains that
branch, you can just apply the patches from there.




Thanks a lot,
Rodrigo



Added tag(s) pending. Request was from Craig Small <csmall@debian.org> to control@bugs.debian.org. (Fri, 08 Jan 2016 21:51:03 GMT).


Message sent on to Craig Small <csmall@debian.org>:
Bug#810325. (Fri, 08 Jan 2016 21:51:47 GMT).


Message #33 received at 810325-submitter@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 810325-submitter@bugs.debian.org
Subject: Bug#810325 marked as pending
Date: Fri, 08 Jan 2016 21:50:04 +0000

tag 810325 pending
thanks

Hello,

Bug #810325 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=66163cf

---
commit 66163cfb7bac619d45d60b1c849bbf810c34beb0
Author: Craig Small <csmall@debian.org>
Date:   Sat Jan 9 08:15:55 2016 +1100

    Backport changeset 36185 to fix XSS
    
    Fixes CVE-2016-1564 and closes #810325
    XSS in theme title

diff --git a/debian/changelog b/debian/changelog
index d1b87cd..f105d3e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+wordpress (4.1+dfsg-1+deb8u7) UNRELEASED; urgency=high
+
+  * Apply changeset 36185 fixes XSS CVE-2016-1564 Closes: #810325
+
+ -- Craig Small <csmall@debian.org>  Sat, 09 Jan 2016 08:13:50 +1100
+
 wordpress (4.1+dfsg-1+deb8u6) jessie-security; urgency=high
 
   * Fix changeset 33359 Closes: #803100
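
Review bot: The new entry at the top of debian/changelog packs everything into one run-on bullet ("Apply changeset 36185 fixes XSS CVE-2016-1564 Closes: #810325") and never says what was escaped. The commit message already has that detail ("XSS in theme title"), so carry it into the entry and separate the clauses, for example "Apply upstream changeset 36185: fix XSS in theme title (CVE-2016-1564). Closes: #810325". The distribution is still UNRELEASED where the entry below it targets jessie-security, so it needs switching before upload. The diff shown here touches only debian/changelog, so the backported escaping change itself cannot be reviewed from this message.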



Message sent on to Craig Small <csmall@debian.org>:
Bug#810325. (Sat, 09 Jan 2016 20:42:09 GMT).


Message #36 received at 810325-submitter@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 810325-submitter@bugs.debian.org
Subject: Bug#810325 marked as pending
Date: Sat, 09 Jan 2016 20:38:51 +0000

tag 810325 pending
thanks

Hello,

Bug #810325 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=b0ef225

---
commit b0ef22520c119b6b44d36e83796e79e633d4e789
Author: Craig Small <csmall@debian.org>
Date:   Sat Jan 9 09:04:00 2016 +1100

    Apply changeset cs36185
    
    Fixes CVE-2016-1564
    Closes #810325
    
    Escaping the template's name

diff --git a/debian/changelog b/debian/changelog
index b3b106c..3d83186 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+wordpress (3.6.1+dfsg-1~deb7u9) UNRELEASED; urgency=medium
+
+  * Apply changeset 36185 fixes XSS CVE-2016-1564 Closes: #810325
+
+ -- Craig Small <csmall@debian.org>  Sat, 09 Jan 2016 09:00:54 +1100
+
 wordpress (3.6.1+dfsg-1~deb7u8) wheezy-security; urgency=high
 
   * Backport of 4.3.1 security fixes Closes: #799140
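
Review bot: urgency=medium on the new 3.6.1+dfsg-1~deb7u9 entry looks too low for a security fix, given that the wheezy-security entry directly below it uses urgency=high. Suggest urgency=high here, and change the distribution from UNRELEASED to wheezy-security before upload. The bullet would also read better if it named what is escaped, which the commit message gives as the template's name, rather than only citing the changeset number. Only debian/changelog appears in this diff, so the patch that applies the escaping is not visible for review.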



Reply sent to Craig Small <csmall@debian.org>:
You have taken responsibility. (Fri, 15 Jan 2016 10:21:28 GMT).


Notification sent to Craig Small <csmall@debian.org>:
Bug acknowledged by developer. (Fri, 15 Jan 2016 10:21:29 GMT).


Message #41 received at 810325-close@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 810325-close@bugs.debian.org
Subject: Bug#810325: fixed in wordpress 4.1+dfsg-1+deb8u7
Date: Fri, 15 Jan 2016 10:17:35 +0000
Source: wordpress
Source-Version: 4.1+dfsg-1+deb8u7

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 810325@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csmall@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 09 Jan 2016 08:21:54 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u7
Distribution: jessie-security
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 810325
Changes:
 wordpress (4.1+dfsg-1+deb8u7) jessie-security; urgency=high
 .
   * Apply changeset 36185 fixes XSS CVE-2016-1564 Closes: #810325




Reply sent to Craig Small <csmall@debian.org>:
You have taken responsibility. (Fri, 15 Jan 2016 10:21:32 GMT).


Notification sent to Craig Small <csmall@debian.org>:
Bug acknowledged by developer. (Fri, 15 Jan 2016 10:21:32 GMT).


Message #46 received at 810325-close@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 810325-close@bugs.debian.org
Subject: Bug#810325: fixed in wordpress 3.6.1+dfsg-1~deb7u9
Date: Fri, 15 Jan 2016 10:18:31 +0000
Source: wordpress
Source-Version: 3.6.1+dfsg-1~deb7u9

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 810325@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csmall@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 09 Jan 2016 09:13:17 +1100
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb7u9
Distribution: wheezy-security
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description: 
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 810325
Changes: 
 wordpress (3.6.1+dfsg-1~deb7u9) wheezy-security; urgency=high
 .
   * Apply changeset 36185 fixes XSS CVE-2016-1564 Closes: #810325




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 10 Mar 2016 07:29:44 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:25:13 2019; Machine Name: beach
