Publishing details
-
Published
-
Copied from
ubuntu trusty in
Private PPA for Ubuntu Security Team
by Marc Deslauriers
Changelog
wordpress (3.8.2+dfsg-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: upstream security and bug fixes (LP: #1395336):
- 3.8.3:
- Post collision bug fix (wp-admin/includes/post.php)
- 3.8.4:
- CVE-2014-2053 (wp-includes/ID3/getid3.lib.php)
- CVE-2014-5265 CVE-2014-5266 (wp-includes/class-IXR.php)
- CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 (wp-includes/pluggable.php)
- Constant time wp_verify_nonce (wp-includes/compat.php)
- 3.8.5:
- three cross-site scripting issues
- cross-site request forgery to trigger password change
- DoS when passwords are checked
- protections against server-side request forgery attacks
- hash collision on pre-2008 logins
- invalidate links from password reset emails after use
-- Kees Cook <email address hidden> Sat, 22 Nov 2014 07:50:29 -0800
Builds
Built packages
-
wordpress-l10n
weblog manager - language files
-
wordpress-theme-twentyfourteen
weblog manager - twentyfourteen theme files
-
wordpress-theme-twentythirteen
weblog manager - twentythirteen theme files
-
wordpress-theme-twentytwelve
weblog manager - twentyttwelve theme files
Package files