-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 10 May 2012 23:00:46 +0200 Source: wordpress Binary: wordpress wordpress-l10n Architecture: source all Version: 3.3.2+dfsg-1~squeeze1 Distribution: stable-security Urgency: low Maintainer: Giuseppe Iuculano <iuculano@debian.org> Changed-By: Yves-Alexis Perez <corsac@debian.org> Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files Closes: 670124 Changes: wordpress (3.3.2+dfsg-1~squeeze1) stable-security; urgency=low . * Import wordpress from Wheezy to fix all the security issues present in Squeeze. This fixes: - CVE-2011-3122, CVE-2011-3125, CVE-2011-3126, CVE-2011-3127, CVE-2011-3128, CVE-2011-3129, CVE-2011-3130 (multiple unspecified vulnerabilities) which were allocated from the Wordpress 3.1.3 / 3.2 beta2 release announcement - CVE-2011-4956 (missing input sanitization) and CVE-2011-4957 (missing URL length check in make_clickable() function) allocated from Wordpress 3.1.1 release announcement. - CVE-2012-2399 (unspecified vulnerability in wp-includes/js/swfupload/swfupload.swf), CVE-2012-2400 (unspecified vulnerability in wp-includes/js/swfobject.js), CVE-2012-2401 (Same-Origin Policy bypass in Plupload plugin), CVE-2012-2402 (access restriction bypass by authenticated site administrators), CVE-2012-2403 (Wordpress supports clickable links inside attributes, making it easier to conduct XSS attacks) CVE-2012-2404 (Wordpress supports offsite redirects, making it easier to conduct XSS attacks), which were allocated from the 3.3.2 release announcement. closes: #670124 * debian/wordpress.linktrees: - don't symlink TinyMCE, it's too old in Squeeze. - don't deduplicate jquery, same thing. - don't deduplicate jquery-form, doesn't exist in Squeeze. * debian/control: - drop build-dep on tinymce, libjs-jquery and libjs-jquery-form, we'll use the embedded versions. Checksums-Sha1: 9317a6b281ca70f2d4af3acfe8e37f33be38f6b9 2123 wordpress_3.3.2+dfsg-1~squeeze1.dsc bc70e62569cda9d0dd13b9210d5df64b5d7cde52 3893105 wordpress_3.3.2+dfsg.orig.tar.gz 760c22148fb5d7af75629fd68f9faba2cb8212a9 13970688 wordpress_3.3.2+dfsg-1~squeeze1.debian.tar.xz 792afe139ac350bccb2585bd4c309c9b128072c8 3862096 wordpress_3.3.2+dfsg-1~squeeze1_all.deb 8a4927fb760f6985905157320f12cf1ce444b905 6535922 wordpress-l10n_3.3.2+dfsg-1~squeeze1_all.deb Checksums-Sha256: 0b25d6c682b4ad0b357b138bea565c76d88d741a0c18748ef02a7ee57c4d17d9 2123 wordpress_3.3.2+dfsg-1~squeeze1.dsc 1812098d4c3ba35f0b64c5e2af21c24f6c530c2d680f9cee78bc138615b607fb 3893105 wordpress_3.3.2+dfsg.orig.tar.gz fbb6e00b17e6dad5564d2daadf76995a2b5793f1b078e48139310810c11f2957 13970688 wordpress_3.3.2+dfsg-1~squeeze1.debian.tar.xz 4a07b967af497a19660e4cca426cc97576b9211ab992409f93c72ab5c104fd89 3862096 wordpress_3.3.2+dfsg-1~squeeze1_all.deb daa128fe4e4794639c5249f1b807b90ffef19f8f5c733d4370bbc289aa085ef3 6535922 wordpress-l10n_3.3.2+dfsg-1~squeeze1_all.deb Files: cdd10cd122bb204cff70a50d7069d302 2123 web optional wordpress_3.3.2+dfsg-1~squeeze1.dsc f8f90cab2ed60a94a430410423acfda6 3893105 web optional wordpress_3.3.2+dfsg.orig.tar.gz 04408f7c7645117dd9f6eb4afa77186b 13970688 web optional wordpress_3.3.2+dfsg-1~squeeze1.debian.tar.xz 0e8891b4bd247ac4484bd47d1fa37a60 3862096 web optional wordpress_3.3.2+dfsg-1~squeeze1_all.deb f9b3616617fbb87106c2a8ed42a3ebf9 6535922 localization optional wordpress-l10n_3.3.2+dfsg-1~squeeze1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJPrKcdAAoJEDBVD3hx7wuoO9cP/Al0M3xo4DKNY8FJrEgE9QL5 VSmTn8iFJSH5llvN8uuQ4LSZAbzfBPLYJoZTctezaO6KigQD4NjXPzJYCghFvr2D 6FPGpbsiM9gbHASGa91p8ujuVRwo1IIttU01Gmlzo+dk2WQjobLdz5poVfK3qjC5 EUK1OvgjnWC31hxuSqespAfCpf4vZZCdMlmdYRWHdCOvVMwFlXwUCCLh8l/nFblN JHjxV/xXwubyGi8OqtW2L0CNFuaR7eCVfXF85LqLKdAFsq6Qph7sXkBC8dExf4Oq 8uztZoG3Hfc/pZd1LNhFi0sXbc14AuA5eSOBkat/veHCeJL1ba9OIIuSC0DO5MML eMbXegr9RQ6Xn4jxeCL8iTmgP38QBnFIip1o5sbNP5y/SqCYZuCzrWe0lE8eoPUW TCipq+MPrQe3h6kXBsMYW2Kaq5raUr1x96Id4JzUVttJSPnj6rrKYCiCjnbZzXsk sWmuuG6LPBRr6pSE6l2qzrqhWfIBCgLX89AHvawOsAeh5cB9wiR4jSEgadRT5Xhh vkSg1iLqErGm6Uu6fuhh8Bm7+GPGlDFB2xRzQoC3EwZzE/znHv/sZjCIbjBOFMKv j26T/hrUYumrRFouGddoT+lh9wQwbxsMg4ncby1XN4I0vVMrkORWvLHZkZnENcpm t6glXuJnEwIA+iUer19Q =iwR+ -----END PGP SIGNATURE-----