Format: 1.8
Date: Sat, 14 Sep 2013 10:35:45 +0200
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.6.1+dfsg-1~deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Giuseppe Iuculano <iuculano@debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 72253
Changes:
 wordpress (3.6.1+dfsg-1~deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Import Wordpress 3.6.1 from Jessie to fix all the security issues present
     in Squeeze closes: #72253
     - CVE-2013-4338: unsafe PHP unserialization can cause arbitrary code
       execution.
     - CVE-2013-4339: improper input validation in URL parsing can lead to
       arbitrary redirection.
     - CVE-2013-4340: privilege escalation allowing a user with an author
       role to create an entry appearing as written by another user.
     - CVE-2013-5738: authenticated users can conduct cross-site scripting
       attacks (XSS) using crafted html file uploads.
     - CVE-2013-5739: default Wordpress configuration doesn't prevent upload
       for .swf and .exe files, making it easier for authenticated users to
       conduct XSS attacks.