pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/www/wordpress
Module Name: pkgsrc
Committed By: morr
Date: Thu Sep 12 17:19:59 UTC 2013
Modified Files:
pkgsrc/www/wordpress: Makefile PLIST distinfo
Log Message:
This maintenance release addresses 13 bugs with version 3.6.
Additionally: Version 3.6.1 fixes three security issues:
* Remote Code Execution: Block unsafe PHP de-serialization that could occur in
limited situations and setups, which can lead to remote code execution.
Reported by Tom Van Goethem. CVE-2013-4338.
* Link Injection / Open Redirect: Fix insufficient input validation that could
result in redirecting or leading a user to another website.
Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers
for Disease Control and Prevention. CVE-2013-4339.
* Privilege Escalation: Prevent a user with an Author role, using a specially
crafted request, from being able to create a post "written by" another user.
Reported by Anakorn Kyavatanakij. CVE-2013-4340.
Additional security hardening:
* Updated security restrictions around file uploads to mitigate the potential
for cross-site scripting. The extensions .swf and .exe are no longer allowed
by default, and .htm and .html are only allowed if the user has the ability
to use unfiltered HTML.
More on http://codex.wordpress.org/Version_3.6.1
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 pkgsrc/www/wordpress/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/wordpress/PLIST
cvs rdiff -u -r1.26 -r1.27 pkgsrc/www/wordpress/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index