Your message dated Sun, 13 Apr 2014 17:18:47 +0000
with message-id <[email protected]>
and subject line Bug#744018: fixed in wordpress 3.6.1+dfsg-1~deb6u2
has caused the Debian Bug report #744018,
regarding Wordpress 3.8.2 fixes two vulnerabilities [CVE-2014-0165 CVE-2014-0166]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
744018: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744018
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wordpress
Severity: serious
Tags: security fixed-upstream patch

Hi,

WordPress 3.8.2 was released, which fixes two security issues and several more bugs.

http://wordpress.org/news/2014/04/wordpress-3-8-2/

CVE-2014-0165
WordPress privilege escalation: prevent contributors from publishing posts

CVE-2014-0166
WordPress potential authentication cookie forgery

Can you see to it that this is fixed in unstable? I'm not sure if these
vulnerabilities warrant an update to stable on their own; can you advise?

Thanks,
Thijs



--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 3.6.1+dfsg-1~deb6u2

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 10 Apr 2014 22:12:48 +1000
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb6u2
Distribution: squeeze-security
Urgency: high
Maintainer: Giuseppe Iuculano <[email protected]>
Changed-By: Craig Small <[email protected]>
Description: 
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 744018
Changes: 
 wordpress (3.6.1+dfsg-1~deb6u2) squeeze-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Import some changesets from Wordpress 3.8.2 to fix the two security issues
     present (Closes: #744018)
     - Changeset 27976 - CVE-2014-0165: Wordpress privilege escalation:
     prevent contributors from publishing posts - Changeset 27976
     - Changeset 28054 - CVE-2015-0166: Wordpress potential authentication
     cookie forgery
     - Changeset 27873 - Hardening to Forward pingback IP during pingback
     verification.


--- End Message ---
