Thu Dec 30 22:27:45 2010 UTC ()
Critical security update.
ChangeLog:

* Fix XSS vulnerabilities in the KSES library: Don't be case sensitive to
attribute names. Handle padded entities when checking for bad protocols.
Normalize entities before checking for bad protocols in esc_url().


(morr)
diff -r1.13 -r1.14 pkgsrc/www/wordpress/Makefile
diff -r1.9 -r1.10 pkgsrc/www/wordpress/distinfo
cvs diff -r1.13 -r1.14 pkgsrc/www/wordpress/Makefile (expand / switch to context diff)
--- pkgsrc/www/wordpress/Makefile 2010/12/10 23:34:17 1.13
+++ pkgsrc/www/wordpress/Makefile 2010/12/30 22:27:45 1.14
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.13 2010/12/10 23:34:17 morr Exp $
+# $NetBSD: Makefile,v 1.14 2010/12/30 22:27:45 morr Exp $
 
 DISTNAME=		wordpress-${VERSION}
-VERSION=		3.0.3
+VERSION=		3.0.4
 CATEGORIES=		www
 MASTER_SITES=		http://wordpress.org/
cvs diff -r1.9 -r1.10 pkgsrc/www/wordpress/distinfo (expand / switch to context diff)
--- pkgsrc/www/wordpress/distinfo 2010/12/10 23:34:18 1.9
+++ pkgsrc/www/wordpress/distinfo 2010/12/30 22:27:45 1.10
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.9 2010/12/10 23:34:18 morr Exp $
+$NetBSD: distinfo,v 1.10 2010/12/30 22:27:45 morr Exp $
 
-SHA1 (wordpress-3.0.3.tar.gz) = 888c2f32fa18dfd5f02291cd8f33c67c3c9cc367
+SHA1 (wordpress-3.0.4.tar.gz) = b0c0500281078fb26e591231269a3baf04fc58c3
-RMD160 (wordpress-3.0.3.tar.gz) = f8273b8cdafe9265f666abfae6309f9ed4590e0a
+RMD160 (wordpress-3.0.4.tar.gz) = c0418e9622e95ecca4cc7e10c3f2ef7339de1bdf
-Size (wordpress-3.0.3.tar.gz) = 2689163 bytes
+Size (wordpress-3.0.4.tar.gz) = 2699202 bytes