wordpress (3.8.2+dfsg-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: upstream security and bug fixes (LP: #1395336):
- 3.8.3:
- Post collision bug fix (wp-admin/includes/post.php)
- 3.8.4:
- CVE-2014-2053 (wp-includes/ID3/getid3.lib.php)
- CVE-2014-5265 CVE-2014-5266 (wp-includes/class-IXR.php)
- CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 (wp-includes/pluggable.php)
- Constant time wp_verify_nonce (wp-includes/compat.php)
- 3.8.5:
- three cross-site scripting issues
- cross-site request forgery to trigger password change
- DoS when passwords are checked
- protections against server-side request forgery attacks
- hash collision on pre-2008 logins
- invalidate links from password reset emails after use
Date: 2014-11-22 17:43:12.301952+00:00
Changed-By: Kees Cook <[email protected]>
Signed-By: Ubuntu Archive Robot
<[email protected]>
https://launchpad.net/ubuntu/+source/wordpress/3.8.2+dfsg-1ubuntu0.1
Sorry, changesfile not available.
--
Trusty-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/trusty-changes
