Your message dated Sun, 13 Apr 2014 17:18:22 +0000
with message-id <[email protected]>
and subject line Bug#744018: fixed in wordpress 3.6.1+dfsg-1~deb7u2
has caused the Debian Bug report #744018,
regarding Wordpress 3.8.2 fixes two vulnerabilities [CVE-2014-0165 
CVE-2014-0166]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
744018: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744018
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wordpress
Severity: serious
Tags: security fixed-upstream patch

Hi,

Wordpress 3.8.2 was released which fixes two security issues and several more 
bugs.

http://wordpress.org/news/2014/04/wordpress-3-8-2/

CVE-2014-0165
Wordpress privilege escalation: prevent contributors from publishing posts

CVE-2014-0166
Wordpress potential authentication cookie forgery

Can you see to it that this is fixed in unstable? I'm not sure if these 
vulnerabilities warrant an update to stable on their own, can you advise?

Thanks,
Thijs

Attachment: signature.asc
Description: This is a digitally signed message part.


--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 3.6.1+dfsg-1~deb7u2

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <[email protected]> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Apr 2014 19:49:18 +1000
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Giuseppe Iuculano <[email protected]>
Changed-By: Craig Small <[email protected]>
Description: 
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 744018
Changes: 
 wordpress (3.6.1+dfsg-1~deb7u2) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Import Wordpress some changesets from 3.8.2 from Jessie to fix
     the two security issues present Closes: #744018
     - Changeset 27976 - CVE-2014-0165: Wordpress privilege escalation:
     prevent contributors from publishing posts - Changeset 27976
     - Changeset 28054 - CVE-2015-0166: Wordpress potential authentication
     cookie forgery
     - Changeset 27873 - Hardening to Forward pingback IP during pingback
     verification.
Checksums-Sha1: 
 5ba7b92f753fd90422156102143509a510c40f7e 2319 wordpress_3.6.1+dfsg-1~deb7u2.dsc
 a505126b819acccbd8ff0bc85266ccaeca5242c5 5155140 
wordpress_3.6.1+dfsg-1~deb7u2.debian.tar.xz
 53a351c215bd055eddb6569a3ecb588282799212 3198710 
wordpress_3.6.1+dfsg-1~deb7u2_all.deb
 cb1200b9c4101b004058de41462ec2a4fcb57fc6 3740264 
wordpress-l10n_3.6.1+dfsg-1~deb7u2_all.deb
Checksums-Sha256: 
 49bc5e65a499bdf563b85afce19cba450dfa1d74ea4debdafc824cb84cf883de 2319 
wordpress_3.6.1+dfsg-1~deb7u2.dsc
 ad281b35456f45975df026a3a82776034a06aff59e2e85dae28ea5b28370cddb 5155140 
wordpress_3.6.1+dfsg-1~deb7u2.debian.tar.xz
 119dbc08bb5020e50d24b0a5888344735fc2733e2102f57754016bddea29612b 3198710 
wordpress_3.6.1+dfsg-1~deb7u2_all.deb
 032ff56479b4ef69e48fb4185914e79bce017e5e15fc794661f306d2c33db3aa 3740264 
wordpress-l10n_3.6.1+dfsg-1~deb7u2_all.deb
Files: 
 a0593b8bab7878e338da82cb9988dcf7 2319 web optional 
wordpress_3.6.1+dfsg-1~deb7u2.dsc
 edb3872eee6d246f8f28a7fcea689ef3 5155140 web optional 
wordpress_3.6.1+dfsg-1~deb7u2.debian.tar.xz
 fb7c0dfa09e282f7c91fc421c531fc7c 3198710 web optional 
wordpress_3.6.1+dfsg-1~deb7u2_all.deb
 44015aed62144f667d2f67ff3ffe0acb 3740264 localization optional 
wordpress-l10n_3.6.1+dfsg-1~deb7u2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJTSQzQAAoJEDk4+WvfUP6llXoP/0aM7i0yTq3qInCzNLGaVS9l
FvJZGM4WytHccdRD11U6+WJQAte2UjExiYuaKp8liDbUHWoChDtGtQOmAzlFt0of
DGBHIbItAYF8CAvl234FkBiqGflwSOM5eU2dJtxd81YWckwH+DgBIRxC8RQ8bRRO
tnxVUk6hCrrD7eESFc/FPD/dFdXxJ1oH/qowx0A+qXxJuSX84ivJswcXG5e2vpmx
OgL3H0TEQK3MuMi2F1Pnl4rX6ZRSUd1z8bAywgjavSzrixpGibUEXmIeR5ZYEJuu
1xeqzu1CIneXBfBaGOeA21xV0R3pLM1IeNew9L8ab4FFw61ewL5n4r6zZaqw0ox9
YnXBqQhq59liezJtLrug/TkMdp0Mi42viO4P76SwuBep1jN86lACkZzbb2VsPjhe
PluyQBeanH/rx1iVwfm7oleGxcsfNlEY1rsoGoQpsBWs3hGXLYZ7/W1hjhI13dqV
R8fe644gVboZY6HRq2f6oOGZykobBsvqZANXgoeHTw1VKtsiSL+DZ/2cUwgar+V+
PuBAPlqdATA1fBqYzELKjXKIBRoPrOlIOrt4yZH3FimfgJIUhP+EmJtyleVIgCUm
yD+X6/wTAPj1H3QMU/J8JZxzrSYTwRPkdASuZ/jMV04dswzD/keRRQFG7C0xWnKf
1DFfFfS9RKAvduMH/2vu
=jbVF
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to