DSA-2470-1 wordpress -- several vulnerabilities

Related Vulnerabilities: CVE-2011-3122   CVE-2011-3125   CVE-2011-3126   CVE-2011-3127   CVE-2011-3128   CVE-2011-3129   CVE-2011-3130   CVE-2011-4956   CVE-2011-4957   CVE-2012-2399   CVE-2012-2400   CVE-2012-2401   CVE-2012-2402   CVE-2012-2403   CVE-2012-2404  

Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches. This means extra care should be taken when upgrading, especially when using third-party plugins or themes, since compatibility may have been impacted along the way. We recommend that users check their install before doing the upgrade. For the stable distribution (squeeze), those problems have been fixed in version 3.3.2+dfsg-1~squeeze1. For the testing distribution (wheezy) and the unstable distribution (sid), those problems have been fixed in version 3.3.2+dfsg-1. We recommend that you upgrade your wordpress packages.

Debian Security Advisory

DSA-2470-1 wordpress -- several vulnerabilities

Date Reported:
11 May 2012
Affected Packages:
wordpress
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 670124.
In Mitre's CVE dictionary: CVE-2011-3122, CVE-2011-3125, CVE-2011-3126, CVE-2011-3127, CVE-2011-3128, CVE-2011-3129, CVE-2011-3130, CVE-2011-4956, CVE-2011-4957, CVE-2012-2399, CVE-2012-2400, CVE-2012-2401, CVE-2012-2402, CVE-2012-2403, CVE-2012-2404.
More information:

Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches.

This means extra care should be taken when upgrading, especially when using third-party plugins or themes, since compatibility may have been impacted along the way. We recommend that users check their install before doing the upgrade.

For the stable distribution (squeeze), those problems have been fixed in version 3.3.2+dfsg-1~squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), those problems have been fixed in version 3.3.2+dfsg-1.

We recommend that you upgrade your wordpress packages.