On June 27, 2012, WordPress 3.4.1 was released to the public. This is a maintenance and security update.
Bug #1020452 reported by Karma Dorje
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
wordpress (Debian) | Fix Released | Unknown | | |
wordpress (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
http://
Lists several security issues as corrected:
- Privilege Escalation/XSS. Critical. Administrators and editors in multisite were accidentally allowed to use unfiltered_html for 3.4.0.
- CSRF. Additional CSRF protection in the customizer.
- Information Disclosure: Disclosure of post contents to authors and contributors (such as private or draft posts).
- Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.
- Hardening: Require a child theme to be activated with its intended parent only.
visibility: private → public
Changed in wordpress (Debian): status: Unknown → New
Changed in wordpress (Debian): status: New → Fix Released
On Tue, 03 Jul 2012, karma wrote:
> http://codex.wordpress.org/Version_3.4.1
I already packaged Wordpress 3.4.1 for Debian. It will hit unstable
the next week-end (I wanted to wait until 3.4 had transitioned to
testing).
After that it will be auto-imported into Quantal.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/