Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 45973A5810 for ; Sun, 13 Apr 2014 14:11:03 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 6B6D414A358; Sun, 13 Apr 2014 14:11:02 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 50EF314A25F for ; Sun, 13 Apr 2014 14:11:00 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id LT07HNnwjN0f for ; Sun, 13 Apr 2014 14:10:59 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id BD0CC14A254 for ; Sun, 13 Apr 2014 14:10:59 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id AD43B96; Sun, 13 Apr 2014 14:10:59 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Sun, 13 Apr 2014 14:10:59 +0000 From: "Daniel Horecki" Subject: CVS commit: pkgsrc/www/wordpress To: pkgsrc-changes@NetBSD.org Reply-To: morr@netbsd.org X-Mailer: log_accum Message-Id: <20140413141059.AD43B96@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: morr Date: Sun Apr 13 14:10:59 UTC 2014 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Update to newest version of Wordpress, containing security fixes. It contains 9 bugfixes and 5 security fixes: * Potential authentication cookie forgery. CVE-2014-0166. * Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165. * (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests. * (Hardening) Fix a low-impact SQL injection by trusted users. * (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files. To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 pkgsrc/www/wordpress/Makefile cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/wordpress/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.