On June 27, 2012, WordPress 3.4.1 was released to the public. This is a maintenance and security update.
Bug #1020452 reported by
Karma Dorje
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| wordpress (Debian) |
Fix Released
|
Unknown
|
|||
| wordpress (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
http://
Lists several security issues as corrected:
-Privilege Escalation/XSS. Critical. Administrators and editors in
multisite were accidentally allowed to use unfiltered_html for 3.4.0.
-CSRF. Additional CSRF protection in the customizer.
-Information Disclosure: Disclosure of post contents to authors and
contributors (such as private or draft posts).
-Hardening: Deprecate wp_explain_nonce(), which could reveal
unnecessary information.
-Hardening: Require a child theme to be activated with its intended
parent only.
| visibility: | private → public |
Revision history for this message
| Raphaël Hertzog (hertzog) wrote Re: [Bug 1020452] [NEW] On June 27, 2012, WordPress 3.4.1 was released to the public. This is a maintenance and security update. | #1 |
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #2 |
| Changed in wordpress (Ubuntu): | |
| status: | New → Incomplete |
| Changed in wordpress (Debian): | |
| status: | Unknown → New |
Revision history for this message
| Jeremy Bícha (jbicha) wrote | #3 |
| Changed in wordpress (Ubuntu): | |
| status: | Incomplete → Fix Released |
| Changed in wordpress (Debian): | |
| status: | New → Fix Released |
To post a comment you must log in.
On Tue, 03 Jul 2012, karma wrote:
> http://
I already packaged Wordpress 3.4.1 for Debian. It will hit unstable
the next week-end (I wanted to wait until 3.4 had transitioned to
testing).
After that it will be auto-imported into Quantal.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Get the Debian Administrator's Handbook:
→ http://