Mon Jun 24 16:13:21 2013 UTC
Security update to version 3.5.2.

Fixed issues:

* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.


(morr)
diff -r1.31 -r1.32 pkgsrc/www/wordpress/Makefile
diff -r1.24 -r1.25 pkgsrc/www/wordpress/distinfo

cvs diff -r1.31 -r1.32 pkgsrc/www/wordpress/Makefile

--- pkgsrc/www/wordpress/Makefile 2013/03/16 07:21:26 1.31
+++ pkgsrc/www/wordpress/Makefile 2013/06/24 16:13:21 1.32
@@ -1,17 +1,17 @@ @@ -1,17 +1,17 @@
1# $NetBSD: Makefile,v 1.31 2013/03/16 07:21:26 obache Exp $ 1# $NetBSD: Makefile,v 1.32 2013/06/24 16:13:21 morr Exp $
2 2
3DISTNAME= wordpress-${VERSION} 3DISTNAME= wordpress-${VERSION}
4VERSION= 3.5.1 4VERSION= 3.5.2
5PKGREVISION= 1 5PKGREVISION= 1
6CATEGORIES= www 6CATEGORIES= www
7MASTER_SITES= http://wordpress.org/ 7MASTER_SITES= http://wordpress.org/
8 8
9MAINTAINER= morr@NetBSD.org 9MAINTAINER= morr@NetBSD.org
10HOMEPAGE= http://wordpress.org/ 10HOMEPAGE= http://wordpress.org/
11COMMENT= Blogging tool written in php 11COMMENT= Blogging tool written in php
12LICENSE= gnu-gpl-v2 12LICENSE= gnu-gpl-v2
13 13
14USE_TOOLS+= pax 14USE_TOOLS+= pax
15 15
16.include "../../mk/bsd.prefs.mk" 16.include "../../mk/bsd.prefs.mk"
17.include "../../lang/php/phpversion.mk" 17.include "../../lang/php/phpversion.mk"
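
Review bot: PKGREVISION= 1 (line 5) is carried over unchanged on the new side while VERSION goes from 3.5.1 to 3.5.2. PKGREVISION counts packaging-only changes against one upstream release and is normally dropped when the upstream version is bumped; left in place, and assuming nothing below line 17 overrides PKGNAME, the package comes out as wordpress-3.5.2nb1. Suggest removing the line in this commit unless the nb1 is intentional.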

cvs diff -r1.24 -r1.25 pkgsrc/www/wordpress/distinfo

--- pkgsrc/www/wordpress/distinfo 2013/01/27 07:51:37 1.24
+++ pkgsrc/www/wordpress/distinfo 2013/06/24 16:13:21 1.25
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.24 2013/01/27 07:51:37 morr Exp $ 1$NetBSD: distinfo,v 1.25 2013/06/24 16:13:21 morr Exp $
2 2
3SHA1 (wordpress-3.5.1.tar.gz) = 3c1b6e4da8132aa31408bbd2d4e86062a99b77ef 3SHA1 (wordpress-3.5.2.tar.gz) = f75e9aadb1c2f754e89aacdfb5ab72bbfb10678d
4RMD160 (wordpress-3.5.1.tar.gz) = baf0460f7be83f8fc952e4b299010679e17bfd49 4RMD160 (wordpress-3.5.2.tar.gz) = 3fac241bb418350719c0cb4e5e8dfc433bb5ef11
5Size (wordpress-3.5.1.tar.gz) = 5012722 bytes 5Size (wordpress-3.5.2.tar.gz) = 4988077 bytes
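
Review bot: the replaced SHA1 and RMD160 values on lines 3 and 4 are the only integrity check on wordpress-3.5.2.tar.gz, and the Makefile's MASTER_SITES= http://wordpress.org/ fetches that tarball over plain HTTP, so whatever the committer downloaded is what gets pinned. The commit message does not say how the tarball was verified; suggest stating that the digests were compared against a copy obtained over an independent channel (for example an HTTPS download from upstream, if available) before distinfo was regenerated.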