[ubuntu/trusty-updates] wordpress 3.8.2+dfsg-1ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Sat Nov 22 18:58:07 UTC 2014

wordpress (3.8.2+dfsg-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: upstream security and bug fixes (LP: #1395336):
    - 3.8.3:
      - Post collision bug fix (wp-admin/includes/post.php)
    - 3.8.4:
      - CVE-2014-2053 (wp-includes/ID3/getid3.lib.php)
      - CVE-2014-5265 CVE-2014-5266 (wp-includes/class-IXR.php)
      - CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 (wp-includes/pluggable.php)
      - Constant time wp_verify_nonce (wp-includes/compat.php)
    - 3.8.5:
      - three cross-site scripting issues
      - cross-site request forgery to trigger password change
      - DoS when passwords are checked
      - protections against server-side request forgery attacks
      - hash collision on pre-2008 logins
      - invalidate links from password reset emails after use

Date: 2014-11-22 17:43:12.301952+00:00
Changed-By: Kees Cook <kees at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list