-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 25 Jun 2013 15:52:07 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.5.2+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Raphaël Hertzog <hertzog@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 713947
Changes:
 wordpress (3.5.2+dfsg-1) unstable; urgency=low
 .
   * New upstream release with many security fixes. Closes: #713947
     * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
     * Privilege Escalation: Contributors can publish posts, and users can
       reassign authorship. CVE-2013-2200.
     * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
     * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
     * Content Spoofing via Flash Applet in TinyMCE Media Plugin.
       CVE-2013-2204.
     * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
     * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.
     * Additional security hardening includes:
       * Cross-Site Scripting (XSS) (Low Severity) when Editing Media.
         CVE-2013-2201.
       * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating
         Plugins/Themes. CVE-2013-2201.
       * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
   * Update the Vcs-Git and Vcs-Browser URLs.
   * Update Standards-Version to 3.9.4.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Signed by Raphael Hertzog
-----END PGP SIGNATURE-----