Format: 1.8
Date: Sat, 22 Nov 2014 19:29:37 +1100
Source: wordpress
Binary: wordpress wordpress-l10n wordpress-theme-twentyfourteen wordpress-theme-twentythirteen wordpress-theme-twentytwelve
Architecture: source all
Version: 4.0.1+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description:
 wordpress - weblog manager
 wordpress-l10n - weblog manager - language files
 wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files
 wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files
 wordpress-theme-twentytwelve - weblog manager - twentytwelve theme files
Closes: 770425
Changes:
 wordpress (4.0.1+dfsg-1) unstable; urgency=high
 .
   * New upstream release
   * Fixes several security bugs Closes: #770425
     - Three cross-site scripting issues that a contributor or author could use to compromise a site.
     - A cross-site request forgery that could be used to trick a user into changing their password.
     - An issue that could lead to a denial of service when passwords are checked.
     - Additional protections for server-side request forgery attacks when WordPress makes HTTP requests.
     - An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008.
     - WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address.