[Secure-testing-team] Bug#608405: wordpress: 3.0.4 available upstream: important xss security update

Matthew Carroll m at tthew.org.uk
Thu Dec 30 16:18:00 UTC 2010 

Package: wordpress
Version: 3.0.3.dfsg-1
Severity: grave
Tags: security
Justification: user security hole


Hi

Please package 3.0.4 asap. This security update may also need to be applied to stable.

http://wordpress.org/news/2010/12/3-0-4-update/

Thanks
Matthew


-- System Information:
Debian Release: 5.0.7
  APT prefers stable
  APT policy: (990, 'stable'), (700, 'testing'), (650, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages wordpress depends on:
ii  apache2            2.2.9-10+lenny8       Apache HTTP Server metapackage
ii  apache2-mpm-prefor 2.2.9-10+lenny8       Apache HTTP Server - traditional n
ii  libapache2-mod-php 5.2.6.dfsg.1-1+lenny9 server-side, HTML-embedded scripti
ii  libjs-cropper      1.2.0-1               JavaScript image cropper UI
ii  libjs-jquery       1.4.2-2               JavaScript library for dynamic web
ii  libjs-prototype    1.6.0.2-4             JavaScript Framework for dynamic w
ii  libjs-scriptaculou 1.8.1-5               JavaScript library for dynamic web
ii  libphp-phpmailer   1.73-6                full featured email transfer class
ii  libphp-snoopy      1.2.4-1               Snoopy is a PHP class that simulat
ii  mysql-client       5.0.51a-24+lenny4     MySQL database client (metapackage
ii  mysql-client-5.0 [ 5.0.51a-24+lenny4     MySQL database client binaries
ii  php-gettext        1.0.7-6               read gettext MO files directly, wi
ii  php5               5.2.6.dfsg.1-1+lenny9 server-side, HTML-embedded scripti
ii  php5-gd            5.2.6.dfsg.1-1+lenny9 GD module for php5
ii  php5-mysql         5.2.6.dfsg.1-1+lenny9 MySQL module for php5
ii  tinymce            3.3.8+dfsg0-0.1       platform independent web based Jav

Versions of packages wordpress recommends:
pn  wordpress-l10n                <none>     (no description available)

Versions of packages wordpress suggests:
ii  mysql-server           5.0.51a-24+lenny4 MySQL database server (metapackage
ii  mysql-server-5.0 [mysq 5.0.51a-24+lenny4 MySQL database server binaries

-- no debconf information

More information about the Secure-testing-team mailing list