[ubuntu/intrepid] wordpress 2.5.1-8ubuntu1 (Accepted)

Stefan Ebner sebner at ubuntu.com
Mon Oct 6 22:00:12 BST 2008 

wordpress (2.5.1-8ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
   + debian/apache.conf:
    - Changed to use /var/www instead of /srv/www for virtual webroot.
   + debian/setup-mysql:
    - Changed to use /var/www instead of /srv/www.
   + debian/patches/010_remove_update_notice.patch:
    - Removed Wordpress upgrade notify in admin dashboard.
  * Drop debian/patches/008CVE2008-3747.patch as we don't support SSL
    in our version we don't need it. (See LP: #269301)

wordpress (2.5.1-8) unstable; urgency=high

  * Added 009CVE2008-4106 patch. (Closes: #500115)
    Whitespaces in user name are now checked during login.
    It's not possible to register an "admin(n-whitespaces)" user anymore
    to gain unauthorized access to the admin panel.

wordpress (2.5.1-7) unstable; urgency=high

  * Modified CVE2008-3747 patch. (Closes: #497524)
    The old patch made the package completely unusable. The new
    one should solve the issue. (Thanks to Del Gurt)

wordpress (2.5.1-6) unstable; urgency=high

  * Added patch to fix remote attack vulnerability (Closes: #497216)
  	Attackers could gain administrative powers by sniffing cookies.
  	This patch force wordpress over a ssl connection to prevent
  	this issue. (CVE-2008-3747)

Date: Thu, 02 Oct 2008 22:24:20 +0200
Changed-By: Stefan Ebner <sebner at ubuntu.com>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Signed-By: James Westby <jw+debian at jameswestby.net>
https://launchpad.net/ubuntu/intrepid/+source/wordpress/2.5.1-8ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 02 Oct 2008 22:24:20 +0200
Source: wordpress
Binary: wordpress
Architecture: source
Version: 2.5.1-8ubuntu1
Distribution: intrepid
Urgency: high
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Stefan Ebner <sebner at ubuntu.com>
Description: 
 wordpress  - weblog manager
Closes: 497216 497524 500115
Launchpad-Bugs-Fixed: 269301
Changes: 
 wordpress (2.5.1-8ubuntu1) intrepid; urgency=low
 .
   * Merge from debian unstable, remaining changes:
    + debian/apache.conf:
     - Changed to use /var/www instead of /srv/www for virtual webroot.
    + debian/setup-mysql:
     - Changed to use /var/www instead of /srv/www.
    + debian/patches/010_remove_update_notice.patch:
     - Removed Wordpress upgrade notify in admin dashboard.
   * Drop debian/patches/008CVE2008-3747.patch as we don't support SSL
     in our version we don't need it. (See LP: #269301)
 .
 wordpress (2.5.1-8) unstable; urgency=high
 .
   * Added 009CVE2008-4106 patch. (Closes: #500115)
     Whitespaces in user name are now checked during login.
     It's not possible to register an "admin(n-whitespaces)" user anymore
     to gain unauthorized access to the admin panel.
 .
 wordpress (2.5.1-7) unstable; urgency=high
 .
   * Modified CVE2008-3747 patch. (Closes: #497524)
     The old patch made the package completely unusable. The new
     one should solve the issue. (Thanks to Del Gurt)
 .
 wordpress (2.5.1-6) unstable; urgency=high
 .
   * Added patch to fix remote attack vulnerability (Closes: #497216)
   	Attackers could gain administrative powers by sniffing cookies.
   	This patch force wordpress over a ssl connection to prevent
   	this issue. (CVE-2008-3747)
Checksums-Sha1: 
 94dd095601e721ae613f2c68aead25fcefb26764 1122 wordpress_2.5.1-8ubuntu1.dsc
 910d290c31806821e5016f6d1b4f8676c588c7f3 697960 wordpress_2.5.1-8ubuntu1.diff.gz
Checksums-Sha256: 
 6963758dbd9839b4f8e3a4da5d9b665910bb0788eff155576546c9d88513678c 1122 wordpress_2.5.1-8ubuntu1.dsc
 890af2f8cc03c6ed48ae94780874603dfbf93a36f11cb9eb69ef898d58be2609 697960 wordpress_2.5.1-8ubuntu1.diff.gz
Files: 
 9c78eb46a1f95f52fa5f7d259a38e1de 1122 web optional wordpress_2.5.1-8ubuntu1.dsc
 ec7269a5f7e82932d67a0f2de734a144 697960 web optional wordpress_2.5.1-8ubuntu1.diff.gz
Original-Maintainer: Andrea De Iacovo <andrea.de.iacovo at gmail.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjqdo4ACgkQRej+37V3/hMu8gCeIfvXdfw1IZQjg49rX+qiQgkr
6IQAoK+sNTZ6dbFs9c2xLgKJ6/yBZ+VH
=PH3d
-----END PGP SIGNATURE-----

More information about the Intrepid-changes mailing list