---
- branch: MAIN
  date: Mon Jun 24 16:13:21 UTC 2013
  files:
  - new: '1.32'
    old: '1.31'
    path: pkgsrc/www/wordpress/Makefile
    pathrev: pkgsrc/www/wordpress/Makefile@1.32
    type: modified
  - new: '1.25'
    old: '1.24'
    path: pkgsrc/www/wordpress/distinfo
    pathrev: pkgsrc/www/wordpress/distinfo@1.25
    type: modified
  id: 20130624T161321Z.ae6bb11496c7fa917fe61ecc49649e1108b54b2e
  log: |
    Security update to version 3.5.2.

    Fixed issues:

    * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
    * Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
    * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
    * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
    * Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
    * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
    * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

    * Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
    * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
    * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/wordpress'
  unixtime: '1372090401'
  user: morr