-
wordpress (3.8.2+dfsg-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: upstream security and bug fixes (LP: #1395336):
- 3.8.3:
- Post collision bug fix (wp-admin/includes/post.php)
- 3.8.4:
- CVE-2014-2053 (wp-includes/ID3/getid3.lib.php)
- CVE-2014-5265 CVE-2014-5266 (wp-includes/class-IXR.php)
- CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 (wp-includes/pluggable.php)
- Constant time wp_verify_nonce (wp-includes/compat.php)
- 3.8.5:
- three cross-site scripting issues
- cross-site request forgery to trigger password change
- DoS when passwords are checked
- protections against server-side request forgery attacks
- hash collision on pre-2008 logins
- invalidate links from password reset emails after use
-- Kees Cook <email address hidden> Sat, 22 Nov 2014 07:50:29 -0800
-
wordpress (3.8.2+dfsg-1) unstable; urgency=high
* New upstream release Fixes CVE-2014-0165, CVE-2014-0166
and Closes: #744019
-- Craig Small <email address hidden> Wed, 09 Apr 2014 22:13:54 +1000
-
wordpress (3.8.1+dfsg1-2) unstable; urgency=medium
* Updated copyright file Closes: #736514
-- Craig Small <email address hidden> Fri, 14 Feb 2014 22:03:49 +1100
-
wordpress (3.8.1+dfsg-1) unstable; urgency=medium
* New upstream release.
* Depend on either mysql or mariadb client Closes: #732914
-- Craig Small <email address hidden> Fri, 24 Jan 2014 22:20:08 +1100
-
wordpress (3.7.1+dfsg-1) unstable; urgency=low
* New upstream release.
* Enable usage of php5-mysqlnd as an alternative to php5-mysql.
Closes: #722552
* Improve wp-setup to cope with plugins/themes directories with
spaces. Thanks to Oskar Liljeblad <email address hidden> for the patch.
Closes: #723074
* Refresh patches
-- Raphaël Hertzog <email address hidden> Wed, 13 Nov 2013 20:41:09 +0100
-
wordpress (3.6.1+dfsg-1) unstable; urgency=high
* New upstream security release.
-- Raphaël Hertzog <email address hidden> Thu, 12 Sep 2013 07:58:57 +0200
