Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) by www.NetBSD.org (Postfix) with ESMTP id 3A07663D7B3 for ; Sun, 27 Jan 2013 07:51:40 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id ADFA914A3A3; Sun, 27 Jan 2013 07:51:39 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 92F2414A3A1 for ; Sun, 27 Jan 2013 07:51:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 3yz-gyaPr5ip for ; Sun, 27 Jan 2013 07:51:39 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id BD61714A39B for ; Sun, 27 Jan 2013 07:51:38 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 25BC3175DD; Sun, 27 Jan 2013 07:51:38 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Sun, 27 Jan 2013 07:51:37 +0000 From: "Daniel Horecki" Subject: CVS commit: pkgsrc/www/wordpress To: pkgsrc-changes@NetBSD.org Reply-To: morr@netbsd.org X-Mailer: log_accum Message-Id: <20130127075138.25BC3175DD@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: morr Date: Sun Jan 27 07:51:37 UTC 2013 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: This maintenance release addresses 37 bugs with version 3.5, including: * Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases. * Media: Fix a collection of minor workflow and compatibility issues in the new media manager. * Networks: Suggest proper rewrite rules when creating a new network. * Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published. * Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail. * Suppress some warnings that could occur when a plugin misused the database or user APIs. Additionally: Version 3.5.1 fixes a few security issues: * Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed by the WordPress security team. * Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon Cave of the WordPress security team. * Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5 was released to address this issue. To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 pkgsrc/www/wordpress/Makefile cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/wordpress/PLIST cvs rdiff -u -r1.23 -r1.24 pkgsrc/www/wordpress/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.