CVS commit: pkgsrc/www/wordpress

To: pkgsrc-changes%netbsd.org@localhost
Subject: CVS commit: pkgsrc/www/wordpress
From: "Daniel Horecki" <morr%netbsd.org@localhost>
Date: Mon, 24 Nov 2014 19:08:53 +0000

Module Name:    pkgsrc
Committed By:   morr
Date:           Mon Nov 24 19:08:53 UTC 2014

Modified Files:
        pkgsrc/www/wordpress: Makefile distinfo

Log Message:
Security update to 4.0.1.

Changes:
- Three cross-site scripting issues that a contributor or author could use to
  compromise a site.
- A cross-site request forgery that could be used to trick a user into changing
  their password.
- An issue that could lead to a denial of service when passwords are checked.
- Additional protections for server-side request forgery attacks when WordPress
  makes HTTP requests.
- An extremely unlikely hash collision could allow a user’s account to be
  compromised, that also required that they haven’t logged in since 2008 (I
  wish I were kidding).
- WordPress now invalidates the links in a password reset email if the user
  remembers their password, logs in, and changes their email address.

More details on http://codex.wordpress.org/Version_4.0.1.


To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 pkgsrc/www/wordpress/Makefile
cvs rdiff -u -r1.34 -r1.35 pkgsrc/www/wordpress/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/time
Next by Date: CVS commit: pkgsrc/www/py-flask-wtf
Previous by Thread: CVS commit: pkgsrc/time
Next by Thread: CVS commit: pkgsrc/www/py-flask-wtf
Indexes:

Home | Main Index | Thread Index | Old Index