CVS commit: [pkgsrc-2014Q3] pkgsrc/www/wordpress

["Matthias Scheler" <tron%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   tron
Date:           Tue Nov 25 15:04:11 UTC 2014

Modified Files:
        pkgsrc/www/wordpress [pkgsrc-2014Q3]: Makefile distinfo

Log Message:
Pullup ticket #4559 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.43
- www/wordpress/distinfo                                        1.35

---
   Module Name: pkgsrc
   Committed By:        morr
   Date:                Mon Nov 24 19:08:53 UTC 2014

   Modified Files:
        pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to 4.0.1.

   Changes:
   - Three cross-site scripting issues that a contributor or author could use to
     compromise a site.
   - A cross-site request forgery that could be used to trick a user into changing
     their password.
   - An issue that could lead to a denial of service when passwords are checked.
   - Additional protections for server-side request forgery attacks when WordPress
     makes HTTP requests.
   - An extremely unlikely hash collision could allow a user’s account to be
     compromised, that also required that they haven’t logged in since 2008 (I
     wish I were kidding).
   - WordPress now invalidates the links in a password reset email if the user
     remembers their password, logs in, and changes their email address.

   More details on http://codex.wordpress.org/Version_4.0.1.


To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.42.2.1 pkgsrc/www/wordpress/Makefile
cvs rdiff -u -r1.34 -r1.34.2.1 pkgsrc/www/wordpress/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.