-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 01 Jun 2015 13:07:25 +0200 Source: wordpress Binary: wordpress wordpress-l10n Architecture: source all Version: 3.6.1+dfsg-1~deb6u6 Distribution: squeeze-lts Urgency: medium Maintainer: Giuseppe Iuculano <iucul...@debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files Closes: 770425 783347 783554 Changes: wordpress (3.6.1+dfsg-1~deb6u6) squeeze-lts; urgency=medium . [ Mike Gabriel ] * Non-maintainer upload by the Squeeze LTS Team. + Backport patch set from wordpress in Debian wheezy (3.6.1+dfsg-1~deb7u5 and 3.6.1+dfsg-1~deb7u6). + For details, see below. . [ Craig Small ] * From 3.6.1+dfsg-1~deb7u6... * Backports of 4.1.2 security fixes (CVE-2015-3438, CVE-2015-3439). (Closes: #783347). - Changeset 32163 sanity checks - Changeset 32165 sanitize order by - Changeset 32174 multisite change extra checks - Changeset 32176 Dashboard escapes titles - Changeset 32234 More WPDB query sanity * Backport of 4.2.1 for security fixes Closes: #783554 - Changeset 32307: XSS for long 64k+ comments (CVE-2015-3440). * Changeset 32172 NOT applied as bug introduced later. . * From 3.6.1+dfsg-1~deb7u5... * Backport patches for 3.7.4->3.7.5 (Closes: #770425). - CVE-2014-9031 XSS in wptexturize() via comments or posts - CVE-2014-9033 CSRF in the password reset process - CVE-2014-9034 Denial of service for giant passwords - CVE-2014-9035 XSS in Press This - CVE-2014-9036 XSS in HTML filtering of CSS in posts - CVE-2014-9037 Hash comparison vulnerability in old passwords - CVE-2014-9038 SSRF: Safe HTTP requests did not sufficiently block the loopback IP address space - CVE-2014-9039 Email address change didn't invalidate previously sent password reset Checksums-Sha1: 8579908c887fbf54853c35656000f252b859ad5f 2194 wordpress_3.6.1+dfsg-1~deb6u6.dsc d6c057f370bbe0e14a4e401e0f4af4ca0f39900b 11018022 wordpress_3.6.1+dfsg-1~deb6u6.debian.tar.gz f47b685b0549607a5ed361883932d563b802ee7a 3992404 wordpress_3.6.1+dfsg-1~deb6u6_all.deb fa08938e7c79647ed5b81431794b566afb2c717e 8869726 wordpress-l10n_3.6.1+dfsg-1~deb6u6_all.deb Checksums-Sha256: 0973d67ec3bfb3d5640f40d4f05720cb9312c83ff170e4bbdd5c84375bed5928 2194 wordpress_3.6.1+dfsg-1~deb6u6.dsc 313a26e3b23acc805c883faacdc70dcbd7388478ba07fb76312c7a2b12bd8e1f 11018022 wordpress_3.6.1+dfsg-1~deb6u6.debian.tar.gz 877e790334675ee6e77d4e130d61cd381e260ae724ccf30996994ac19a70d490 3992404 wordpress_3.6.1+dfsg-1~deb6u6_all.deb e72c9b4bb1985a04ae0b6006faba85184d031f6758d1914956d8f6f31dd39071 8869726 wordpress-l10n_3.6.1+dfsg-1~deb6u6_all.deb Files: 83ee2d80c631c8506d121dc0fc2b0c28 2194 web optional wordpress_3.6.1+dfsg-1~deb6u6.dsc 166957d040da2b4a989d6574070ac6bf 11018022 web optional wordpress_3.6.1+dfsg-1~deb6u6.debian.tar.gz bb6760d7fd9db4ae24c253739e02e445 3992404 web optional wordpress_3.6.1+dfsg-1~deb6u6_all.deb 2c0ca74294de6264aa48e4fe63d14d34 8869726 localization optional wordpress-l10n_3.6.1+dfsg-1~deb6u6_all.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVbEIrAAoJEJr0azAldxsx3mQQAJwp+0XGRI2IdL3ObCKd2ic3 3iqRo2EcQME9z8+KI1uDXzLNa+1GFAUW1WiqzIetvcrNAIz9YVt7DGVaL6SZQSQu adZcHsXgtw/+NJBiqx6Nfjk6Uo6Xh7WMBhHVwt2QpHIt5I7xKK6RWN3aiXdNOuGq lYqvGZt/TAu5FiPU09iUqp5OcflcCVnHvRm/d/UwU20cS43voYvhrhj3kXXqOMyV x3uuAC/Uz9Lp64WO+FDFH+skIAUV4zTQw0auQCefOF+vNjvcWezUiDTfez0t0XUv yLNHFM/w1Heu4ZOaOC+ntO3hyJzyEFTqFpoPu9d2ilM5KGQcqn4vEXHIyEA0pwD7 a++5v+S9Q+ELwc1LUKEElv7gOu0NTk2+cHk0IQ2b2CcANu+I43vXN313Vhua/TF4 sYIp8Q7hv52fpgtWeaCGhZZPdUC65D8Z28pBFcIjNZek8JMH++m9s9r3yx4xHSqT b3s1lsVWGfa4ZC2XjVF7FPrAb2b1g+ld7TG7f+N4NEV2hJN+DKKeU/GZZREm/o4t AocQcqmJsxi0KGSZCXbqZTvTCyT6WOuVU6sWPvypKuEJuUvO48ZOdDFCqzbPUyqp DUdPqPShD5qdDgEghug+7dbcoc+yF6t5Zzo7f308O/acIJnHAMknAC23Z3Sj7TA3 6vuQhTo9ij4MxEOZGb/m =ylZN -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-lts-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1yzohf-0000ws...@franck.debian.org