-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 15 Aug 2009 11:58:32 +0200
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.0.10-1etch4
Distribution: oldstable-security
Urgency: high
Maintainer: Andrea De Iacovo <andrea.de.iacovo@gmail.com>
Changed-By: Giuseppe Iuculano <giuseppe@iuculano.it>
Description:
 wordpress  - an award winning weblog manager
Closes: 491846 500115 504234 504243 504771 531736 531736 536724
Changes:
 wordpress (2.0.10-1etch4) oldstable-security; urgency=high
 .
   * [2ef79dd] Removed 010CVE2008-0664.patch, it caused a regression and
     wordpress 2.0.10 isn't affected by CVE-2008-0664. (Closes: #491846)
   * [abbabe9] Fixed CVE-2008-1502 _bad_protocol_once function in KSES
     allows remote attackers to conduct XSS attacks (Closes: #504243)
   * [e8a73eb] Fixed CVE-2008-4106: Whitespaces in user name are now
     checked during login. (Closes: #500115)
   * [8a2e4f9] Fixed CVE-2008-4769: Sanitize "cat" query var and cast to
     int before looking for a category template
   * [711274f] Fixed CVE-2008-4796: missing input sanitising in embedded
     copy of Snoopy.class.php (Closes: #504234)
   * [17c72c0] Fixed CVE-2008-6762: Force redirect after an upgrade
     (Closes: #531736)
   * [88d8244] Fixed CVE-2008-6767: Only admin can upgrade wordpress.
     (Closes: #531736)
   * [d5c02a9] Fixed CVE-2009-2334 and CVE-2009-2854: Added some CYA cap
     checks (Closes: #536724)
   * [80e9dbd] Fixed CVE-2008-5113: Force REQUEST to be GET + POST. If
     SERVER, COOKIE, or ENV are needed, use those superglobals directly.
     (Closes: #504771)
   * [7f577ca] Fixed CVE-2009-2851: Sanitize HTML URLs in author comments
   * [f23d55f] Fixed CVE-2009-2853: Stop direct loading of files in
     wp-admin that should only be included
Files:
 d9389cbc71eee6f08b15762a97c9d537 607 web optional wordpress_2.0.10-1etch4.dsc
 45349b0822fc376b8cfef51b5cec3510 50984 web optional wordpress_2.0.10-1etch4.diff.gz
 71a6aea482d0e7afb9c82701bef336e9 521060 web optional wordpress_2.0.10-1etch4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqN5KUACgkQ62zWxYk/rQf2XgCdFV8GR2K1YxsS+LI4qrIQVc+z
FXQAoKs1Tt+JiOHxEEM61EeSOwUpUPhw
=kQoV
-----END PGP SIGNATURE-----


Accepted:
wordpress_2.0.10-1etch4.diff.gz
  to pool/main/w/wordpress/wordpress_2.0.10-1etch4.diff.gz
wordpress_2.0.10-1etch4.dsc
  to pool/main/w/wordpress/wordpress_2.0.10-1etch4.dsc
wordpress_2.0.10-1etch4_all.deb
  to pool/main/w/wordpress/wordpress_2.0.10-1etch4_all.deb