wordpress: New version available: 4.4.2 (CVE-2016-2221 CVE-2016-2222)

Related Vulnerabilities: CVE-2016-2221, CVE-2016-2222, CVE-2016-1564

Debian Bug report logs - #813697

Reported by: Christer Mjellem Strand <dilldall@bjork.org>

Date: Thu, 4 Feb 2016 13:00:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in versions wordpress/3.6.1+dfsg-1, wordpress/4.4.1+dfsg-1

Fixed in versions wordpress/4.4.2+dfsg-1, wordpress/4.1+dfsg-1+deb8u8, wordpress/3.6.1+dfsg-1~deb7u10, wordpress/3.6.1+dfsg-1~deb6u9

Done: Markus Koschany <apo@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#813697; Package wordpress. (Thu, 04 Feb 2016 13:00:06 GMT)


Acknowledgement sent to Christer Mjellem Strand <dilldall@bjork.org>:
New Bug report received and forwarded. Copy sent to Craig Small <csmall@debian.org>. (Thu, 04 Feb 2016 13:00:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Christer Mjellem Strand <dilldall@bjork.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wordpress: New version available: 4.4.2
Date: Thu, 04 Feb 2016 13:35:44 +0100
Package: wordpress
Version: 4.4.1+dfsg-1
Severity: important

Dear Maintainer,

Version 4.4.2 was released two days ago, with the following security fixes:

 *  #36435 HTTP: 0.1.2.3 is not a valid IP.
 *  #36444 Better validation of the URL used in HTTP redirects.

Please consider packaging and uploading this fixed version to unstable.

Thanks.

-- System Information:
Debian Release: 8.1
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 4.3.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)



Added tag(s) upstream, fixed-upstream, and security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 04 Feb 2016 15:15:06 GMT)


Changed Bug title to 'wordpress: New version available: 4.4.2 (CVE-2016-2221 CVE-2016-2222)' from 'wordpress: New version available: 4.4.2' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 04 Feb 2016 21:24:04 GMT)


Reply sent to Craig Small <csmall@debian.org>:
You have taken responsibility. (Fri, 05 Feb 2016 10:27:20 GMT)


Notification sent to Christer Mjellem Strand <dilldall@bjork.org>:
Bug acknowledged by developer. (Fri, 05 Feb 2016 10:27:20 GMT)


Message #14 received at 813697-close@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 813697-close@bugs.debian.org
Subject: Bug#813697: fixed in wordpress 4.4.2+dfsg-1
Date: Fri, 05 Feb 2016 10:24:12 +0000
Source: wordpress
Source-Version: 4.4.2+dfsg-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 813697@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csmall@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 05 Feb 2016 20:34:42 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen
Architecture: source all
Version: 4.4.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentysixteen - weblog manager - twentysixteen theme files
Closes: 813697
Changes:
 wordpress (4.4.2+dfsg-1) unstable; urgency=medium
 .
   * New upstream release Closes: #813697
   * Fixes open redirection attack CVE-2016-2221
   * Fixes possible SSRF for local URIs CVE-2016-2222




Marked as found in versions wordpress/3.6.1+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 05 Feb 2016 19:06:06 GMT)


Added tag(s) pending. Request was from Craig Small <csmall@debian.org> to control@bugs.debian.org. (Sat, 06 Feb 2016 04:15:06 GMT)


Message sent on to Christer Mjellem Strand <dilldall@bjork.org>:
Bug#813697. (Sat, 06 Feb 2016 04:15:09 GMT)


Message #21 received at 813697-submitter@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 813697-submitter@bugs.debian.org
Subject: Bug#813697 marked as pending
Date: Sat, 06 Feb 2016 04:12:20 +0000
tag 813697 pending
thanks

Hello,

Bug #813697 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=6cae5c0

---
commit 6cae5c076d768f028755a05a0efff595e081afd6
Author: Craig Small <csmall@debian.org>
Date:   Sat Feb 6 15:10:43 2016 +1100

    backport changeset 36444
    
    Fixes CVE-2016-2221 by improving redirection checks in pluggables.

diff --git a/debian/changelog b/debian/changelog
index 7939b6d..a60c763 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 wordpress (4.1+dfsg-1+deb8u8) UNRELEASED; urgency=medium
 
   * Changeset 36435 fixes SSRF for URLs CVE-2016-2222
+  * Changeset 36444 improved redirect checking CVE-2016-2221
+  * Closes: #813697
 
  -- Craig Small <csmall@debian.org>  Sat, 06 Feb 2016 14:49:42 +1100
 
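Review bot: The entry header above the added lines still reads `UNRELEASED; urgency=medium`, although the entry now records fixes for two CVEs (CVE-2016-2222 and CVE-2016-2221). Before upload, set the distribution to the security suite this version targets and reconsider the urgency so the header matches a security upload. The trailer timestamp (14:49:42 +1100) also predates this commit (15:10:43 +1100) and should be refreshed when the entry is finalised.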



Message sent on to Christer Mjellem Strand <dilldall@bjork.org>:
Bug#813697. (Sat, 06 Feb 2016 04:45:06 GMT)


Message #24 received at 813697-submitter@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 813697-submitter@bugs.debian.org
Subject: Bug#813697 marked as pending
Date: Sat, 06 Feb 2016 04:41:55 +0000
tag 813697 pending
thanks

Hello,

Bug #813697 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=99cb415

---
commit 99cb4153ecd0476c6ddc1a71993436b632f6fee1
Author: Craig Small <csmall@debian.org>
Date:   Sat Feb 6 15:41:12 2016 +1100

    Backport of 4.4.2 security patches
    
    Changeset 36435 fixes SSRF for URLs CVE-2016-2222
    Changeset 36444 improved redirect checking CVE-2016-2221
    Closes: #813697

diff --git a/debian/changelog b/debian/changelog
index b6339be..873e3d6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+wordpress (3.6.1+dfsg-1~deb7u10) wheezy-security; urgency=medium
+
+  * Changeset 36435 fixes SSRF for URLs CVE-2016-2222
+  * Changeset 36444 improved redirect checking CVE-2016-2221
+  * Closes: #813697
+
+ -- Craig Small <csmall@debian.org>  Sat, 06 Feb 2016 15:40:51 +1100
+
 wordpress (3.6.1+dfsg-1~deb7u9) wheezy-security; urgency=high
 
   * Apply changeset 36185 fixes XSS CVE-2016-1564 Closes: #810325
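Review bot: The new entry's header uses `urgency=medium`, while the previous security entry directly below it (3.6.1+dfsg-1~deb7u9) uses `urgency=high` for a single XSS fix. This entry fixes two CVEs in the same wheezy-security suite, so `urgency=high` would be consistent. The bullets also cite only upstream changeset numbers; naming what each backported changeset touches would make the entry easier to audit.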



Reply sent to Craig Small <csmall@debian.org>:
You have taken responsibility. (Wed, 10 Feb 2016 22:24:12 GMT)


Notification sent to Christer Mjellem Strand <dilldall@bjork.org>:
Bug acknowledged by developer. (Wed, 10 Feb 2016 22:24:12 GMT)


Message #29 received at 813697-close@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 813697-close@bugs.debian.org
Subject: Bug#813697: fixed in wordpress 4.1+dfsg-1+deb8u8
Date: Wed, 10 Feb 2016 22:18:26 +0000
Source: wordpress
Source-Version: 4.1+dfsg-1+deb8u8

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 813697@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csmall@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 06 Feb 2016 15:13:23 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u8
Distribution: jessie-security
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 813697
Changes:
 wordpress (4.1+dfsg-1+deb8u8) jessie-security; urgency=high
 .
   * Changeset 36435 fixes SSRF for URLs CVE-2016-2222
   * Changeset 36444 improved redirect checking CVE-2016-2221
   * Closes: #813697




Reply sent to Craig Small <csmall@debian.org>:
You have taken responsibility. (Wed, 10 Feb 2016 22:24:15 GMT)


Notification sent to Christer Mjellem Strand <dilldall@bjork.org>:
Bug acknowledged by developer. (Wed, 10 Feb 2016 22:24:15 GMT)


Message #34 received at 813697-close@bugs.debian.org:

From: Craig Small <csmall@debian.org>
To: 813697-close@bugs.debian.org
Subject: Bug#813697: fixed in wordpress 3.6.1+dfsg-1~deb7u10
Date: Wed, 10 Feb 2016 22:20:24 +0000
Source: wordpress
Source-Version: 3.6.1+dfsg-1~deb7u10

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 813697@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csmall@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 06 Feb 2016 15:40:51 +1100
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb7u10
Distribution: wheezy-security
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description: 
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 813697
Changes: 
 wordpress (3.6.1+dfsg-1~deb7u10) wheezy-security; urgency=high
 .
   * Changeset 36435 fixes SSRF for URLs CVE-2016-2222
   * Changeset 36444 improved redirect checking CVE-2016-2221
   * Closes: #813697




Reply sent to Markus Koschany <apo@debian.org>:
You have taken responsibility. (Tue, 16 Feb 2016 22:48:08 GMT)


Notification sent to Christer Mjellem Strand <dilldall@bjork.org>:
Bug acknowledged by developer. (Tue, 16 Feb 2016 22:48:08 GMT)


Message #39 received at 813697-close@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: 813697-close@bugs.debian.org
Subject: Bug#813697: fixed in wordpress 3.6.1+dfsg-1~deb6u9
Date: Tue, 16 Feb 2016 22:46:21 +0000
Source: wordpress
Source-Version: 3.6.1+dfsg-1~deb6u9

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 813697@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 16 Feb 2016 16:25:44 +0100
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb6u9
Distribution: squeeze-lts
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 813697
Changes: 
 wordpress (3.6.1+dfsg-1~deb6u9) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Debian LTS Team.
   * Fix open redirection attack CVE-2016-2221.
   * Fix possible Server Side Request Forgery Vulnerability CVE-2016-2222.
     (Closes: #813697)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 16 Mar 2016 07:36:27 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:06:54 2019; Machine Name: buxtehude