Format: 1.8
Date: Tue, 25 Jun 2013 15:52:07 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.5.2+dfsg-1~deb7u1
Distribution: wheezy-security
Urgency: low
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Raphaël Hertzog <hertzog@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 713947
Changes:
 wordpress (3.5.2+dfsg-1~deb7u1) wheezy-security; urgency=low
 .
   * New upstream release with many security fixes. Closes: #713947
     * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
     * Privilege Escalation: Contributors can publish posts, and users can
       reassign authorship. CVE-2013-2200.
     * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
     * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
     * Content Spoofing via Flash Applet in TinyMCE Media Plugin.
       CVE-2013-2204.
     * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
     * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.
     * Additional security hardening includes:
       * Cross-Site Scripting (XSS) (Low Severity) when Editing Media.
         CVE-2013-2201.
       * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating
         Plugins/Themes. CVE-2013-2201.
       * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
   * Update the Vcs-Git and Vcs-Browser URLs.
   * Update Standards-Version to 3.9.4.