This bug was fixed in the package wordpress - 3.8.2+dfsg-1ubuntu0.1
--------------- wordpress (3.8.2+dfsg-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: upstream security and bug fixes (LP: #1395336): - 3.8.3: - Post collision bug fix (wp-admin/includes/post.php) - 3.8.4: - CVE-2014-2053 (wp-includes/ID3/getid3.lib.php) - CVE-2014-5265 CVE-2014-5266 (wp-includes/class-IXR.php) - CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 (wp-includes/pluggable.php) - Constant time wp_verify_nonce (wp-includes/compat.php) - 3.8.5: - three cross-site scripting issues - cross-site request forgery to trigger password change - DoS when passwords are checked - protections against server-side request forgery attacks - hash collision on pre-2008 logins - invalidate links from password reset emails after use -- Kees Cook <email address hidden> Sat, 22 Nov 2014 07:50:29 -0800
This bug was fixed in the package wordpress - 3.8.2+dfsg- 1ubuntu0. 1
--------------- dfsg-1ubuntu0. 1) trusty-security; urgency=medium
wordpress (3.8.2+
* SECURITY UPDATE: upstream security and bug fixes (LP: #1395336): includes/ post.php) ID3/getid3. lib.php) class-IXR. php) pluggable. php) compat. php)
- 3.8.3:
- Post collision bug fix (wp-admin/
- 3.8.4:
- CVE-2014-2053 (wp-includes/
- CVE-2014-5265 CVE-2014-5266 (wp-includes/
- CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 (wp-includes/
- Constant time wp_verify_nonce (wp-includes/
- 3.8.5:
- three cross-site scripting issues
- cross-site request forgery to trigger password change
- DoS when passwords are checked
- protections against server-side request forgery attacks
- hash collision on pre-2008 logins
- invalidate links from password reset emails after use
-- Kees Cook <email address hidden> Sat, 22 Nov 2014 07:50:29 -0800