Your message dated Tue, 05 May 2015 19:47:11 +0000
with message-id <[email protected]>
and subject line Bug#783347: fixed in wordpress 4.1+dfsg-1+deb8u1
has caused the Debian Bug report #783347,
regarding wordpress: New critical security release available: 4.1.2
(CVE-2015-3438 CVE-2015-3439)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
783347: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783347
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wordpress
Version: 4.1+dfsg-1
Severity: important
Dear Maintainer,
Version 4.1.2 was released on April 21st, tagged as a "critical security
release", and containing several security-related fixes, including an important
XSS fix.
As far as I can tell, this release is not available in neither stable nor
unstable, nor have the fixes as of yet been backported to a stable release.
I therefore request that you please consider packaging and uploading this fixed
version.
Note also that version 4.2 was released on April 23rd, which should likely be
considered for unstable.
I understand this must have been a busy week, and apologize if this is already
being looked into.
Thanks, and thanks for maintaining WordPress!
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.16-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages wordpress depends on:
ii apache2 2.4.9-1
ii apache2-bin [httpd] 2.4.9-1
ii apache2-mpm-itk [httpd] 2.4.9-1
ii ca-certificates 20141019
ii libapache2-mod-php5 5.6.0+dfsg-1
ii libjs-cropper 1.2.2-1
ii libjs-mediaelement 2.15.1+dfsg-1
ii libphp-phpmailer 5.2.9+dfsg-2
ii mysql-client-5.5 [mysql-client] 5.5.40-1
ii php-getid3 1.9.8-3
ii php5 5.4.4-15.1
ii php5-gd 5.6.0+dfsg-1
ii php5-mysql 5.6.0+dfsg-1
ii wordpress-theme-twentyfifteen 4.1+dfsg-1
Versions of packages wordpress recommends:
ii wordpress-l10n 4.1+dfsg-1
Versions of packages wordpress suggests:
ii mysql-server 5.5.40-1
-- Configuration Files:
/etc/wordpress/htaccess [Errno 2] No such file or directory:
u'/etc/wordpress/htaccess'
-- no debconf information
-- debsums errors found:
sh: /usr/sbin/dpkg-divert: No such file or directory
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 4.1+dfsg-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 02 May 2015 12:59:53 +1000
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen
wordpress-theme-twentyfourteen wordpress-theme-twentythirteen
Architecture: source all
Version: 4.1+dfsg-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Craig Small <[email protected]>
Changed-By: Craig Small <[email protected]>
Description:
wordpress - weblog manager
wordpress-l10n - weblog manager - language files
wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files
wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
Closes: 783347 783554
Changes:
wordpress (4.1+dfsg-1+deb8u1) jessie-security; urgency=high
.
* Backports of 4.1.2 security fixes Closes: #783347
- Changeset 32163 sanity checks
- Changeset 32165 sanitize order by
- Changeset 32172 filename check
- Changeset 32174 multisite change extra checks
- Changeset 32176 Dashboard escapes titles
- Changeset 32234 More WPDB query sanity
* Backport of 4.2.1 for security fixes Closes: #783554
- Changeset 32307: XSS for long 64k+ comments
Checksums-Sha1:
94a3a76c5053d9e2c2f3c0bceced2206f490df45 2533 wordpress_4.1+dfsg-1+deb8u1.dsc
0b105e79723c1f1c16764eb98122ed426f738940 4749996 wordpress_4.1+dfsg.orig.tar.xz
b38521fe49f31729c6c1043db02321dd24acca2e 6099980
wordpress_4.1+dfsg-1+deb8u1.debian.tar.xz
31bf2fc2775ca23889269eca22dd4351ff4c97fc 3166172
wordpress_4.1+dfsg-1+deb8u1_all.deb
3b0378f7e1507698507999f040be00567417eef1 4236442
wordpress-l10n_4.1+dfsg-1+deb8u1_all.deb
59746a6d72a28439e4480214d980ca115f1b3fac 507016
wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u1_all.deb
ab210a7d4cd1422949efbb8e4fbbeefccf6a5847 802872
wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u1_all.deb
d198be75f96414f176d169e79cdde3bbfe475cc9 322378
wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u1_all.deb
Checksums-Sha256:
41e8a4182c01cef29eb8dacc45ce936f7b8695e8d494ec20a7b517b98a5d1bc7 2533
wordpress_4.1+dfsg-1+deb8u1.dsc
11ca9ce2f5b05866df9521a50b8be22ac2315f652aa95ba49bdb202c5dda4954 4749996
wordpress_4.1+dfsg.orig.tar.xz
121586a27de1bae14d9b49716b2f273b9f6f35cce92e8d206d4ae1fa225bd0d0 6099980
wordpress_4.1+dfsg-1+deb8u1.debian.tar.xz
dc228c41d60a19e7a82d75ec585321d880f464fb4fd8ee57ff6b7b05b894886a 3166172
wordpress_4.1+dfsg-1+deb8u1_all.deb
778e3ae0816a1ce0687d7363496fe65072d6c8e34d7e774914e4741962762e64 4236442
wordpress-l10n_4.1+dfsg-1+deb8u1_all.deb
7e04ac07f14ca4808a4146b24f3187dde246945c4c25b7b06567553e7ccf4ae8 507016
wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u1_all.deb
674eaa355cb34a6501cf36695a6933c4c60caddcdb8a1819237b52ddc80028c1 802872
wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u1_all.deb
5bd200b0f06710ce4f9f89838dd20204354bbdf0ce4bd033f4729ccd618feb38 322378
wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u1_all.deb
Files:
d852da545618a53ee46ed6ef63526e6e 2533 web optional
wordpress_4.1+dfsg-1+deb8u1.dsc
90db367f6588135c80a22a91e1c42fcd 4749996 web optional
wordpress_4.1+dfsg.orig.tar.xz
47bdcf156fd8464b72721416c270e150 6099980 web optional
wordpress_4.1+dfsg-1+deb8u1.debian.tar.xz
0cd986a2a5e9d08e33c475b6e7db5640 3166172 web optional
wordpress_4.1+dfsg-1+deb8u1_all.deb
a4627b36843ab6af180e6c1e1e8621d8 4236442 localization optional
wordpress-l10n_4.1+dfsg-1+deb8u1_all.deb
5e154ee5c3d36d5eccec371cd06d8c50 507016 web optional
wordpress-theme-twentyfifteen_4.1+dfsg-1+deb8u1_all.deb
024aa861b06e201811fcb910a5b4fde9 802872 web optional
wordpress-theme-twentyfourteen_4.1+dfsg-1+deb8u1_all.deb
20b7a0629ebff373db130495aa86e8a7 322378 web optional
wordpress-theme-twentythirteen_4.1+dfsg-1+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVREScAAoJEDk4+WvfUP6lPPsP/3Y49JclYT+acUjYrUXtyzBm
bHbbzMb4jH+SiQ0waJsGanSSYeJfnpCYxe8Sle8L9uGZDaoc1UvdAePYx0E+UqS5
qPy5R2Yi9viEiYCanER3ko16Ymbfe6XSzB/BGDYHQFQ6ez9VVcH5L1hcoyF3uhds
z2c1vWFvYAQeiKI2Z50WRuyx+AS5nQ0cVBheGo09vYlTZ4DljPWkul5UHJhu5UqK
Ps2YvT62VeHW9MMwjgUJkBVhqEG9gWprRaG9d7xd8IxJj7HU2iFoahdcQA3svZyB
ZEj5ShV2wrOEXJxb67suQ4/D8Sa44aX5jNuBYah4w2drMZgWhMIfwHnHYH7sm1R8
9qN160aTsc7do0EvmHkd9wfmFPf4GvBsrhstwgHeIRd8IM/zs2Q34yesMJpSrPw/
+tgUoB/Dbx5/RHPKqxUztZfMGxdxjrAqL6/mqjhacMH+VWRIZmkx/UblSiKknxL9
Lu4exW/FCXBQFo8cYumHP9mbFn2i8/jy4Lwr3GONhoLNAFsXXgq0DingY/ilRcvF
z0YYR7YzlwQkUUd6efEU0jpkuxn7qg+0fWYYy5FIBAmG05X98c9+dJD04246vPhI
TJ50vvgqw/P6Mfa/M3PbOHp+HFJAQUTD0bc0agK/o6janKrF88DmVDMTHbgedBDb
SNSJdwcwpzYvft2LG+Ld
=4agW
-----END PGP SIGNATURE-----
--- End Message ---
