wordpress (2.7.1-2ubuntu1) jaunty; urgency=low
* Merge from Debian unstable (LP: #327674), Ubuntu remaining changes:
- debian/apache.conf:
+ Changed to use /var/www instead of /srv/www for virtual webroot.
- debian/setup-mysql:
+ Changed to use /var/www instead of /srv/www.
- debian/patches/010_remove_update_notice.patch:
+ Remove Wordpress upgrade notify in admin dashboard
-- Pedro Fragoso <email address hidden> Tue, 17 Feb 2009 01:15:21 +0000
wordpress (2.5.1-11ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes: (LP: #304323)
+ debian/apache.conf:
- Changed to use /var/www instead of /srv/www for virtual webroot.
+ debian/setup-mysql:
- Changed to use /var/www instead of /srv/www.
+ debian/patches/010_remove_update_notice.patch:
- Reworked original patch to remove Wordpress upgrade notify
in admin dashboard (Rolf Leggewie) (LP: #227547)
wordpress (2.5.1-11) unstable; urgency=high
* Added 011CVE2008-5278.patch. (Closes: #507193)
Upstream patch for XSS in feed.php self_link function was
implemented. (CVE-2008-5278)
-- Stefan Lesicnik <email address hidden> Tue, 02 Dec 2008 11:06:57 +0200
wordpress (2.5.1-10ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes: (LP: #301340)
+ debian/apache.conf:
- Changed to use /var/www instead of /srv/www for virtual webroot.
+ debian/setup-mysql:
- Changed to use /var/www instead of /srv/www.
* debian/patches/010_remove_update_notice.patch:
- Reworked original patch to remove Wordpress upgrade notify
in admin dashboard (Rolf Leggewie) (LP: #227547)
* Include patch for CVE2008-3747 (LP: #269301)
wordpress (2.5.1-10) unstable; urgency=high
* 007CVE2008-2392.patch modified.
Now users can dynamically choose to enable unrestricted upload for admins.
* 010_REQUEST.patch added.
This patch is only a workaround for #504771. Now cookies are properly
checked; if something malicious is found wordpress stops any other execution
until cookies are cleaned.
-- Stefan Lesicnik <email address hidden> Sun, 23 Nov 2008 18:12:33 +0200
wordpress (2.5.1-9ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes:
+ debian/apache.conf:
- Changed to use /var/www instead of /srv/www for virtual webroot.
+ debian/setup-mysql:
- Changed to use /var/www instead of /srv/www.
- modified to fix permissions on /var/www
+ debian/patches/010_remove_update_notice.patch:
- Removed Wordpress upgrade notify in admin dashboard.
wordpress (2.5.1-9) unstable; urgency=high
* Wordpress now depends on libphp-snoopy (Closes: #443948)
* libphp-snoopy dependency solves grave security issue (Closes: #504234)
Thanks to the new version of snoopy class the user input is now sanitized
so it's not possible to inject malicious code anymore (CVE-2008-4796)
* setup-mysql modified to fix permissions on /srv/www
-- Emanuele Gentili <email address hidden> Fri, 07 Nov 2008 05:44:33 +0100
wordpress (2.5.1-8ubuntu1) intrepid; urgency=low
* Merge from debian unstable, remaining changes:
+ debian/apache.conf:
- Changed to use /var/www instead of /srv/www for virtual webroot.
+ debian/setup-mysql:
- Changed to use /var/www instead of /srv/www.
+ debian/patches/010_remove_update_notice.patch:
- Removed Wordpress upgrade notify in admin dashboard.
* Drop debian/patches/008CVE2008-3747.patch as we don't support SSL
in our version we don't need it. (See LP: #269301)
wordpress (2.5.1-8) unstable; urgency=high
* Added 009CVE2008-4106 patch. (Closes: #500115)
Whitespaces in user name are now checked during login.
It's not possible to register an "admin(n-whitespaces)" user anymore
to gain unauthorized access to the admin panel.
wordpress (2.5.1-7) unstable; urgency=high
* Modified CVE2008-3747 patch. (Closes: #497524)
The old patch made the package completely unusable. The new
one should solve the issue. (Thanks to Del Gurt)
wordpress (2.5.1-6) unstable; urgency=high
* Added patch to fix remote attack vulnerability (Closes: #497216)
Attackers could gain administrative powers by sniffing cookies.
This patch forces wordpress over an ssl connection to prevent
this issue. (CVE-2008-3747)
-- Stefan Ebner <email address hidden> Thu, 02 Oct 2008 22:24:20 +0200