Ubuntu
wordpress package

  1. Bug #1395336
  2. Comment #7

Comment 7 for bug 1395336

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wordpress - 3.8.2+dfsg-1ubuntu0.1

---------------
wordpress (3.8.2+dfsg-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: upstream security and bug fixes (LP: #1395336):
    - 3.8.3:
      - Post collision bug fix (wp-admin/includes/post.php)
    - 3.8.4:
      - CVE-2014-2053 (wp-includes/ID3/getid3.lib.php)
      - CVE-2014-5265 CVE-2014-5266 (wp-includes/class-IXR.php)
      - CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 (wp-includes/pluggable.php)
      - Constant time wp_verify_nonce (wp-includes/compat.php)
    - 3.8.5:
      - three cross-site scripting issues
      - cross-site request forgery to trigger password change
      - DoS when passwords are checked
      - protections against server-side request forgery attacks
      - hash collision on pre-2008 logins
      - invalidate links from password reset emails after use
 -- Kees Cook <email address hidden> Sat, 22 Nov 2014 07:50:29 -0800