[ubuntu/trusty-security] wordpress 3.8.2+dfsg-1ubuntu0.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Sat Nov 22 18:11:04 UTC 2014
wordpress (3.8.2+dfsg-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: upstream security and bug fixes (LP: #1395336):
- 3.8.3:
- Post collision bug fix (wp-admin/includes/post.php)
- 3.8.4:
- CVE-2014-2053 (wp-includes/ID3/getid3.lib.php)
- CVE-2014-5265 CVE-2014-5266 (wp-includes/class-IXR.php)
- CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 (wp-includes/pluggable.php)
- Constant time wp_verify_nonce (wp-includes/compat.php)
- 3.8.5:
- three cross-site scripting issues
- cross-site request forgery to trigger password change
- DoS when passwords are checked
- protections against server-side request forgery attacks
- hash collision on pre-2008 logins
- invalidate links from password reset emails after use
Date: 2014-11-22 17:43:12.301952+00:00
Changed-By: Kees Cook <kees at ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/wordpress/3.8.2+dfsg-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list