[Secure-testing-team] Bug#608405: wordpress: 3.0.4 available upstream: important xss security update
Matthew Carroll
m at tthew.org.uk
Thu Dec 30 16:18:00 UTC 2010
Package: wordpress
Version: 3.0.3.dfsg-1
Severity: grave
Tags: security
Justification: user security hole
Hi
Please package 3.0.4 asap. This security update may also need to be applied to stable.
http://wordpress.org/news/2010/12/3-0-4-update/
Thanks
Matthew
-- System Information:
Debian Release: 5.0.7
APT prefers stable
APT policy: (990, 'stable'), (700, 'testing'), (650, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages wordpress depends on:
ii apache2 2.2.9-10+lenny8 Apache HTTP Server metapackage
ii apache2-mpm-prefor 2.2.9-10+lenny8 Apache HTTP Server - traditional n
ii libapache2-mod-php 5.2.6.dfsg.1-1+lenny9 server-side, HTML-embedded scripti
ii libjs-cropper 1.2.0-1 JavaScript image cropper UI
ii libjs-jquery 1.4.2-2 JavaScript library for dynamic web
ii libjs-prototype 1.6.0.2-4 JavaScript Framework for dynamic w
ii libjs-scriptaculou 1.8.1-5 JavaScript library for dynamic web
ii libphp-phpmailer 1.73-6 full featured email transfer class
ii libphp-snoopy 1.2.4-1 Snoopy is a PHP class that simulat
ii mysql-client 5.0.51a-24+lenny4 MySQL database client (metapackage
ii mysql-client-5.0 [ 5.0.51a-24+lenny4 MySQL database client binaries
ii php-gettext 1.0.7-6 read gettext MO files directly, wi
ii php5 5.2.6.dfsg.1-1+lenny9 server-side, HTML-embedded scripti
ii php5-gd 5.2.6.dfsg.1-1+lenny9 GD module for php5
ii php5-mysql 5.2.6.dfsg.1-1+lenny9 MySQL module for php5
ii tinymce 3.3.8+dfsg0-0.1 platform independent web based Jav
Versions of packages wordpress recommends:
pn wordpress-l10n <none> (no description available)
Versions of packages wordpress suggests:
ii mysql-server 5.0.51a-24+lenny4 MySQL database server (metapackage
ii mysql-server-5.0 [mysq 5.0.51a-24+lenny4 MySQL database server binaries
-- no debconf information
More information about the Secure-testing-team
mailing list