Bug#783347: marked as done (wordpress: New critical security release available: 4.1.2 (CVE-2015-3438 CVE-2015-3439))

Tue, 05 May 2015 12:54:43 -0700 

Your message dated Tue, 05 May 2015 19:50:51 +0000
with message-id <[email protected]>
and subject line Bug#783347: fixed in wordpress 3.6.1+dfsg-1~deb7u6
has caused the Debian Bug report #783347,
regarding wordpress: New critical security release available: 4.1.2 
(CVE-2015-3438 CVE-2015-3439)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
783347: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783347
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: wordpress
Version: 4.1+dfsg-1
Severity: important

Dear Maintainer,

Version 4.1.2 was released on April 21st, tagged as a "critical security 
release", and containing several security-related fixes, including an important 
XSS fix.
As far as I can tell, this release is not available in neither stable nor 
unstable, nor have the fixes as of yet been backported to a stable release.
I therefore request that you please consider packaging and uploading this fixed 
version.
Note also that version 4.2 was released on April 23rd, which should likely be 
considered for unstable.

I understand this must have been a busy week, and apologize if this is already 
being looked into.

Thanks, and thanks for maintaining WordPress!

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.16-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wordpress depends on:
ii  apache2                          2.4.9-1
ii  apache2-bin [httpd]              2.4.9-1
ii  apache2-mpm-itk [httpd]          2.4.9-1
ii  ca-certificates                  20141019
ii  libapache2-mod-php5              5.6.0+dfsg-1
ii  libjs-cropper                    1.2.2-1
ii  libjs-mediaelement               2.15.1+dfsg-1
ii  libphp-phpmailer                 5.2.9+dfsg-2
ii  mysql-client-5.5 [mysql-client]  5.5.40-1
ii  php-getid3                       1.9.8-3
ii  php5                             5.4.4-15.1
ii  php5-gd                          5.6.0+dfsg-1
ii  php5-mysql                       5.6.0+dfsg-1
ii  wordpress-theme-twentyfifteen    4.1+dfsg-1

Versions of packages wordpress recommends:
ii  wordpress-l10n  4.1+dfsg-1

Versions of packages wordpress suggests:
ii  mysql-server  5.5.40-1

-- Configuration Files:
/etc/wordpress/htaccess [Errno 2] No such file or directory: 
u'/etc/wordpress/htaccess'

-- no debconf information

-- debsums errors found:
sh: /usr/sbin/dpkg-divert: No such file or directory

--- End Message ---
--- Begin Message --- 
Source: wordpress
Source-Version: 3.6.1+dfsg-1~deb7u6

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 May 2015 14:04:44 +1000
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb7u6
Distribution: wheezy-security
Urgency: high
Maintainer: Giuseppe Iuculano <[email protected]>
Changed-By: Craig Small <[email protected]>
Description: 
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 783347 783554
Changes: 
 wordpress (3.6.1+dfsg-1~deb7u6) wheezy-security; urgency=high
 .
   * Wordpress 4.2.1 and 4.1.2 security fixes
   * Backports of 4.1.2 security fixes Closes: #783347
     - Changeset 32163 sanity checks
     - Changeset 32165 sanitize order by
     - Changeset 32174 multisite change extra checks
     - Changeset 32176 Dashboard escapes titles
     - Changeset 32234 More WPDB query sanity
   * Backport of 4.2.1 for security fixes Closes: #783554
     - Changeset 32307: XSS for long 64k+ comments
   * Changeset 32172 NOT applied as bug introduced later
Checksums-Sha1: 
 6f54cad28fbfe673f9a319fd6d78ef83f893df77 2319 wordpress_3.6.1+dfsg-1~deb7u6.dsc
 7119aca4b8f3f4c8e84c1234280fbdeefe4d3d9a 5257884 
wordpress_3.6.1+dfsg-1~deb7u6.debian.tar.xz
 8271203fe2e555f74950b6b35ee94a367b6f7544 3968708 
wordpress_3.6.1+dfsg-1~deb7u6_all.deb
 7402a1d88ade89f5f582fce96841c92db251486e 8871404 
wordpress-l10n_3.6.1+dfsg-1~deb7u6_all.deb
Checksums-Sha256: 
 77d15ca65d639d01c98cec03ae92232c7bc6dbd9aaf736cea9e9dc5f0636d0db 2319 
wordpress_3.6.1+dfsg-1~deb7u6.dsc
 b9f205ad169ceea7d9103ee7dde81eefeb5bfea606226802cf20d2a3ce855ee7 5257884 
wordpress_3.6.1+dfsg-1~deb7u6.debian.tar.xz
 8bc3740186fcedbaa66f840dcf0b8c69ca17b973517d74301682a5d9441c7437 3968708 
wordpress_3.6.1+dfsg-1~deb7u6_all.deb
 05701eaf98b1961ce27168bd7d8d5230b5f1dba9d5402d410ccb28fdd872e0ee 8871404 
wordpress-l10n_3.6.1+dfsg-1~deb7u6_all.deb
Files: 
 dc9375edfe7ee0583e4d4457ade2b3ce 2319 web optional 
wordpress_3.6.1+dfsg-1~deb7u6.dsc
 b1725a153d55e852c8c37c0cf1069907 5257884 web optional 
wordpress_3.6.1+dfsg-1~deb7u6.debian.tar.xz
 c1038f5f72ce53101069929d9794af49 3968708 web optional 
wordpress_3.6.1+dfsg-1~deb7u6_all.deb
 2fc7ea8214aa14c942114d285791ab30 8871404 localization optional 
wordpress-l10n_3.6.1+dfsg-1~deb7u6_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVR2LAAAoJEDk4+WvfUP6lua8QAJQ4MjtNcg1wEYJjjMVEWhCF
Mks8dhcQu8YKx25xbqub9FqriZjnJPPtax3OQ/DuNzjDQytJJqbv03n7rT8/eK8V
8YO38KYxrMD6jPp40YGpiq3oMnwpVvoxrzqQ31vNR0rdf4hKf1iKYzEaonVOn9iT
f2tqNYAXMcF9mmoKURbZPIeZMUUZXHBhWv9ZSIX3VMVDiYOwNN5acVTRmPD47bH0
/3tSHlG7oOd2KDttF8lrm94Ukh5YA6/dQhfgJsx5Q0umoeMioK2eLSg2B1YULuSq
ycVg9PTG/JV6bbP9CwCluRYOUvR/dWS5+QQY0dq6GuooAVcBBtYI0cpxKet/3J9V
dnOkS70Gon/PMbtUnhtEpgG6HSZr18B/hXLE0THZf6JU+HPu4VZzQvN6OqSfhXvk
PVeWlhk97j0FLUcDeMwlpusu4tfXjR4gkHWk0V5tWjRdgDp3MUMmufdvVaFIFmot
I0Jaeco/dUfvI0tihCfUT4pWAw7hEby8SCB5qfha+5mtbwxjlAqmAcmB/HY54XdI
/XIvm23X0FeUrqm7jIMvEuX+HSZKTA3/V7Y5rwCm7PMAu4rOutYQSUJ8Y22oczgA
0RCj+BjQgBLwZ1gbKMudu3ukvMCluxEqXdNdP49CJ04jpQCQ8W2suFGKWXyylXOc
nqjyA9VHcyRjim+fxhny
=twUh
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to