Package: wordpress Version: 3.3.1+dfsg-1 Severity: important Tags: security
Page http://codex.wordpress.org/Version_3.3.2 says: Three external libraries included in WordPress received security updates: Plupload (version 1.5.4), which WordPress uses for uploading media. SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins. SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes. WordPress 3.3.2 also addresses: Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances. Cross-site scripting vulnerability when making URLs clickable. Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. A full log of the changes made for 3.3.2 can be found at http://core.trac.wordpress.org/changeset?new=20554%40branches%2F3.3&old=20087%40branches%2F3.3 -- System Information: Debian Release: 6.0.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages wordpress depends on: ii apache2 2.2.16-6+squeeze7 Apache HTTP Server metapackage ii apache2-mpm-prefork [h 2.2.16-6+squeeze7 Apache HTTP Server - traditional n ii libapache2-mod-php5 5.3.3-7+squeeze8 server-side, HTML-embedded scripti pn libjs-cropper <none> (no description available) ii libjs-jquery 1.4.2-2 JavaScript library for dynamic web pn libjs-prototype <none> (no description available) pn libjs-scriptaculous <none> (no description available) pn libphp-phpmailer <none> (no description available) pn libphp-snoopy <none> (no description available) pn mysql-client <none> (no description available) pn php-gettext <none> (no description available) ii php5 5.3.3-7+squeeze8 server-side, HTML-embedded scripti ii php5-gd 5.3.3-7+squeeze8 GD module for php5 ii php5-mysql 5.3.3-7+squeeze8 MySQL module for php5 pn tinymce <none> (no description available) Versions of packages wordpress recommends: pn wordpress-l10n <none> (no description available) Versions of packages wordpress suggests: pn mysql-server <none> (no description available) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org