Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 0095870A6A
	for ; Mon, 24 Jun 2013 16:13:24 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 605)
	id 3B84314A28E; Mon, 24 Jun 2013 16:13:24 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 5B5E214A28D
	for ; Mon, 24 Jun 2013 16:13:22 +0000 (UTC)
X-Virus-Scanned: amavisd-new at NetBSD.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id 7x9cgHxFk5b2
	for ; Mon, 24 Jun 2013 16:13:21 +0000 (UTC)
Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd])
	by mail.netbsd.org (Postfix) with ESMTP id C0C4C14A28C
	for ; Mon, 24 Jun 2013 16:13:21 +0000 (UTC)
Received: by cvs.netbsd.org (Postfix, from userid 500)
	id 7DCE896; Mon, 24 Jun 2013 16:13:21 +0000 (UTC)
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
MIME-Version: 1.0
Date: Mon, 24 Jun 2013 16:13:21 +0000
From: "Daniel Horecki"
Subject: CVS commit: pkgsrc/www/wordpress
To: pkgsrc-changes@NetBSD.org
Reply-To: morr@netbsd.org
X-Mailer: log_accum
Message-Id: <20130624161321.7DCE896@cvs.netbsd.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

Module Name:	pkgsrc
Committed By:	morr
Date:		Mon Jun 24 16:13:21 UTC 2013

Modified Files:
	pkgsrc/www/wordpress: Makefile distinfo

Log Message:
Security update to version 3.5.2.

Fixed issues:
* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can
  reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.
* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating
  Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 pkgsrc/www/wordpress/Makefile
cvs rdiff -u -r1.24 -r1.25 pkgsrc/www/wordpress/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.