CVS commit: [pkgsrc-2012Q1] pkgsrc/www/wordpress

["Matthias Scheler" <tron%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   tron
Date:           Wed Apr 25 19:13:12 UTC 2012

Modified Files:
        pkgsrc/www/wordpress [pkgsrc-2012Q1]: Makefile distinfo

Log Message:
Pullup ticket #3756 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.25
- www/wordpress/distinfo                                        1.20

---
   Module Name: pkgsrc
   Committed By:        morr
   Date:                Wed Apr 25 13:00:37 UTC 2012

   Modified Files:
        pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to Wordpress 3.3.2.

   Three external libraries included in WordPress received security updates:

   * Plupload (version 1.5.4), which WordPress uses for uploading media.
   * SWFUpload, which WordPress previously used for uploading media, and may 
still be in use by plugins.
   * SWFObject, which WordPress previously used to embed Flash content, and may 
still be in use by plugins and themes.

   WordPress 3.3.2 also addresses:

   * Limited privilege escalation where a site administrator could deactivate 
network-wide plugins when running a WordPress network under particular 
circumstances.
   * Cross-site scripting vulnerability when making URLs clickable.
   * Cross-site scripting vulnerabilities in redirects after posting comments 
in older browsers, and when filtering URLs.


To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.24.4.1 pkgsrc/www/wordpress/Makefile
cvs rdiff -u -r1.19 -r1.19.4.1 pkgsrc/www/wordpress/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.