Bug#670124: wordpress: Security fixes in version 3.3.2

Mon, 23 Apr 2012 00:57:20 -0700 

Package: wordpress
Version: 3.3.1+dfsg-1
Severity: important
Tags: security

Page http://codex.wordpress.org/Version_3.3.2 says:

Three external libraries included in WordPress received security updates:

Plupload (version 1.5.4), which WordPress uses for uploading media.
SWFUpload, which WordPress previously used for uploading media, and may still 
be in use by plugins.
SWFObject, which WordPress previously used to embed Flash content, and may 
still be in use by plugins and themes.

WordPress 3.3.2 also addresses:

Limited privilege escalation where a site administrator could deactivate 
network-wide plugins when running a WordPress network under particular 
circumstances.
Cross-site scripting vulnerability when making URLs clickable.
Cross-site scripting vulnerabilities in redirects after posting comments in 
older browsers, and when filtering URLs.

A full log of the changes made for 3.3.2 can be found at 
http://core.trac.wordpress.org/changeset?new=20554%40branches%2F3.3&old=20087%40branches%2F3.3

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages wordpress depends on:
ii  apache2                2.2.16-6+squeeze7 Apache HTTP Server metapackage
ii  apache2-mpm-prefork [h 2.2.16-6+squeeze7 Apache HTTP Server - traditional n
ii  libapache2-mod-php5    5.3.3-7+squeeze8  server-side, HTML-embedded scripti
pn  libjs-cropper          <none>            (no description available)
ii  libjs-jquery           1.4.2-2           JavaScript library for dynamic web
pn  libjs-prototype        <none>            (no description available)
pn  libjs-scriptaculous    <none>            (no description available)
pn  libphp-phpmailer       <none>            (no description available)
pn  libphp-snoopy          <none>            (no description available)
pn  mysql-client           <none>            (no description available)
pn  php-gettext            <none>            (no description available)
ii  php5                   5.3.3-7+squeeze8  server-side, HTML-embedded scripti
ii  php5-gd                5.3.3-7+squeeze8  GD module for php5
ii  php5-mysql             5.3.3-7+squeeze8  MySQL module for php5
pn  tinymce                <none>            (no description available)

Versions of packages wordpress recommends:
pn  wordpress-l10n                <none>     (no description available)

Versions of packages wordpress suggests:
pn  mysql-server                  <none>     (no description available)



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to