-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 06 Mar 2015 10:56:52 +0100 Source: movabletype-opensource Binary: movabletype-opensource movabletype-plugin-core movabletype-plugin-zemanta Architecture: source all Version: 5.1.4+dfsg-4+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Debian Movable Type and OpenMelody team <pkg-mt-om-devel@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: movabletype-opensource - Well-known blogging engine movabletype-plugin-core - Core Movable Type plugins movabletype-plugin-zemanta - Zemanta Movable Type plugin Closes: 712602 774192 Changes: movabletype-opensource (5.1.4+dfsg-4+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2014-9057.patch patch. CVE-2014-9057: SQL injection vulnerability in the XML-RPC interface. (Closes: #774192) * Add CVE-2015-1592.patch patch. CVE-2015-1592: The Perl Storable::thaw function is not properly used, allowing remote attackers to include and execute arbitrary local Perl files and possibly remotely execute arbitrary code. * Add CVE-2013-2184.patch patch. CVE-2013-2184: Unsafe use of Storable::thaw in the handling of comments to blog posts. (Closes: #712602) Checksums-Sha1: 20d4e16c77e79d69504f7c8e63288498a6c248ef 2327 movabletype-opensource_5.1.4+dfsg-4+deb7u2.dsc 7b7a022018a5a97a6eda2af8c480e6bbdfafdc67 40969 movabletype-opensource_5.1.4+dfsg-4+deb7u2.debian.tar.gz 790733117b23c4152b394b1e000f52484f675a06 4117052 movabletype-opensource_5.1.4+dfsg-4+deb7u2_all.deb 0877defaf8a32fe817482624aaddf31eae003bb0 170524 movabletype-plugin-core_5.1.4+dfsg-4+deb7u2_all.deb 70590d268d6fc3ab644d6dcd478bd034359f8c2f 16728 movabletype-plugin-zemanta_5.1.4+dfsg-4+deb7u2_all.deb Checksums-Sha256: da5fbced85f5324ef3bcb45eb69589c30b6a2c1e8639c2286146062a5fb3dd08 2327 movabletype-opensource_5.1.4+dfsg-4+deb7u2.dsc a7c15e9ad68f7687bc4ea2a1b26fc9731e3a21a9a3d722935673cf71af591dc7 40969 movabletype-opensource_5.1.4+dfsg-4+deb7u2.debian.tar.gz af9f4ccd3553288245907aab500c57b4e7697d9d841085fd5954fb0233d5b148 4117052 movabletype-opensource_5.1.4+dfsg-4+deb7u2_all.deb 5ab71123ce322b11a8cf78a8dc2e2719022abf265f5d048e427aae23a9c06393 170524 movabletype-plugin-core_5.1.4+dfsg-4+deb7u2_all.deb 17cb69b87da8c886ab3838a2ffee87bcf316b50289e22d05db661787ba79d7c2 16728 movabletype-plugin-zemanta_5.1.4+dfsg-4+deb7u2_all.deb Files: ab66733c94cc8d8e929c26bf51150684 2327 web optional movabletype-opensource_5.1.4+dfsg-4+deb7u2.dsc cb943096d059f244f34773a47ada102d 40969 web optional movabletype-opensource_5.1.4+dfsg-4+deb7u2.debian.tar.gz 24100dd1a007e25e566a38256936f697 4117052 web optional movabletype-opensource_5.1.4+dfsg-4+deb7u2_all.deb 7174613894012ed0bee524cdcb4aa2c1 170524 web optional movabletype-plugin-core_5.1.4+dfsg-4+deb7u2_all.deb 110306048da7047291a4aeb34aa5d93c 16728 web optional movabletype-plugin-zemanta_5.1.4+dfsg-4+deb7u2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVAaGsAAoJEAVMuPMTQ89EnNkQAJT5RXlQ4YvvDVcwm/8Cncfh eOF+BToFMZpuCo61bmzrLnec/S2LSd6NvIjQT5FcUcFckR/iwPHK84KGKb0mwa/r nPWuIjcaxgoijs2h0dC02Bx40mHIW8i2fFH7ytT7GJMBs7rO91z9UAdpwrKnw5xg YEB7JnJSDOlr2eFYLU0Z4qgxAVGoI/n5AGXyZYNqwzARSNVKD5FBvR5SJM+huz9f Aj+q6XS49LrQOEXok76OGhE6Q6YYIBNJnHQaChDsf0l6TAsfgaGyBlLleOIBIG1E XtiitXwUjE2XuC6coKUH1IaXmupuUQUbCFnzm3WRgTTceFbcEFgegbEgk6usGPWD sulyRDMblZhOC7mN9PRIsSJk0i6GvywWiBepS898Z+MyM/edEy0f//fjIIMd5CwL v0doN7lBS+gQexHzfJN8PKzDEOt+Ga2DAgLeSQ9zgx2MwycxRhvE88UrkSdMMFEF Gr0oEDentWXMHVRK82PDgycACaTBfxvlqTSjozqFZhR5lOMnyrVCdMMgTJaCzY8w 9IHwFKbk+fZUX+BQ4Tf2YlbC22ZxRUgTq+2YMizmX66HfmrBqf3abuwBUAn6eH6W vQEg92M1ducEDaCZdYzTe2n41XWOynDNN9HZQG235A3xyWwqlrRIKcRA9bIvZlpn ulv96bHNFI3TK+hYuivl =UrVV -----END PGP SIGNATURE-----
