tag 770425 pending
thanks
Hello,
Bug #770425 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=77ac53d
---
commit 77ac53dbe5eba0eca7ad992fdbf1f4b1f855203a
Author: Craig Small <[email protected]>
Date: Sat Nov 22 19:24:40 2014 +1100
Updated changelog for 4.0.1 fixes
diff --git a/debian/changelog b/debian/changelog
index 18ba38e..efabe22 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+wordpress (4.0.1+dfsg-1) UNRELEASED; urgency=medium
+
+ * New upstream release
+ * Fixes several security bugs Closes: #770425
+ - Three cross-site scripting issues that a contributor or
+ author could use to compromise a site.
+ - A cross-site request forgery that could be used to trick a
+ user into changing their password.
+ - An issue that could lead to a denial of service when
+ passwords are checked.
+ - Additional protections for server-side request forgery
+ attacks when WordPress makes HTTP requests.
+ - An extremely unlikely hash collision could allow a user’s
+ account to be compromised, that also required that they
+ haven’t logged in since 2008.
+ - WordPress now invalidates the links in a password reset email
+ if the user remembers their password, logs in, and changes
+ their email address.
+ -- Craig Small <[email protected]> Sat, 22 Nov 2014 19:17:33 +1100
+
wordpress (4.0+dfsg-1) unstable; urgency=medium
* New upstream release
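Review bot: The sub-bullets under "Fixes several security bugs" in the new 4.0.1+dfsg-1 entry carry no CVE identifiers, so a reader of the changelog, or tooling that tracks fixes by CVE, cannot tell which advisories this upload resolves; add the identifier to each bullet once one is assigned. The entry is also marked urgency=medium although it lists cross-site scripting, cross-site request forgery and denial-of-service fixes, so it is worth confirming that medium is intended for a security upload. Separately, "Fixes several security bugs Closes: #770425" runs the description and the bug closer together; a period or semicolon before "Closes:" would make the line read cleanly.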