CVS commit: pkgsrc/www/wordpress

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/wordpress
From: "Daniel Horecki" <morr%netbsd.org@localhost>
Date: Mon, 24 Jun 2013 16:13:21 +0000

Module Name:    pkgsrc
Committed By:   morr
Date:           Mon Jun 24 16:13:21 UTC 2013

Modified Files:
        pkgsrc/www/wordpress: Makefile distinfo

Log Message:
Security update to version 3.5.2.

Fixed issues:

* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign 
authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating 
Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 pkgsrc/www/wordpress/Makefile
cvs rdiff -u -r1.24 -r1.25 pkgsrc/www/wordpress/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/graphics/libv4l
Next by Date: CVS commit: pkgsrc/www/wordpress
Previous by Thread: CVS commit: pkgsrc/graphics/libv4l
Next by Thread: CVS commit: pkgsrc/www/wordpress
Indexes:

Home | Main Index | Thread Index | Old Index