diff -Nru wordpress-3.0.1/debian/changelog wordpress-3.0.1/debian/changelog
--- wordpress-3.0.1/debian/changelog 2010-12-31 23:48:28.000000000 +0700
+++ wordpress-3.0.1/debian/changelog 2011-02-13 21:52:09.000000000 +0700
@@ -1,3 +1,13 @@
+wordpress (3.0.1-1ubuntu1.2) maverick-security; urgency=low
+
+ * SECURITY UPDATE: SQL Injection vulnerability in the trackback
+ functions. (LP: #716641)
+ - debian/patches/CVE-2010-4257.patch
+ - CVE-2010-4257
+ - http://wordpress.org/news/2010/11/wordpress-3-0-2/
+
+ -- Mahyuddin Susanto Sun, 13 Feb 2011 21:51:55 +0700
+
 wordpress (3.0.1-1ubuntu1.1) maverick-security; urgency=low
 
 * SECURITY UPDATE:
diff -Nru wordpress-3.0.1/debian/patches/CVE-2010-4257.patch wordpress-3.0.1/debian/patches/CVE-2010-4257.patch
--- wordpress-3.0.1/debian/patches/CVE-2010-4257.patch 1970-01-01 07:00:00.000000000 +0700
+++ wordpress-3.0.1/debian/patches/CVE-2010-4257.patch 2011-02-13 21:36:34.000000000 +0700
@@ -0,0 +1,19 @@
+# Description: SQL Injection vulnerability in the trackback functions
+# Origin: http://core.trac.wordpress.org/changeset/16625
+# Bug-Ubuntu: https://launchpad.net/bugs/716641
+# Bug-Debian: http://bugs.debian.org/605603
+# Bug-Redhat: https://bugzilla.redhat.com/659265
+
+Index: wordpress-3.0.1/wp-includes/comment.php
+===================================================================
+--- wordpress-3.0.1.orig/wp-includes/comment.php 2011-02-11 09:20:24.499919207 +0700
++++ wordpress-3.0.1/wp-includes/comment.php 2011-02-11 09:20:21.051664191 +0700
+@@ -1654,7 +1654,7 @@
+ trackback($tb_ping, $post_title, $excerpt, $post_id);
+ $pinged[] = $tb_ping;
+ } else {
+- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) );
++ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $tb_ping, $post_id) );
+ }
+ }
+ }
diff -Nru wordpress-3.0.1/debian/patches/series wordpress-3.0.1/debian/patches/series
--- wordpress-3.0.1/debian/patches/series 2010-12-31 23:47:51.000000000 +0700
+++ wordpress-3.0.1/debian/patches/series 2011-02-13 21:37:21.000000000 +0700
@@ -8,3 +8,4 @@
 manifest.patch
 mu.patch
 011kses.patch
+CVE-2010-4257.patch
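Review bot: Nothing on the `++` line or in the DEP-3 header records why `$tb_ping` has to be bound through `%s` rather than interpolated, so a later edit of this statement could quietly bring back the `'$tb_ping'` form; add above the query `// $tb_ping is an entry from the post's to_ping column (user-influenced): bind it, never interpolate it into SQL`. The enclosing function begins and ends outside the hunk, so only this one statement is reviewed here. `REPLACE(to_ping, %s, '')` is still a substring replace, so a pending URL that is a prefix of another entry would presumably also trim part of the longer one — pre-existing behaviour rather than part of this CVE, but worth a line in the patch `Description` if the package carries this patch long-term.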