Security update to version 3.5.2. Fixed issues: * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199. * Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200. * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205. * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173. * Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204. * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201. * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203. * Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201. * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201. * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.diff -r1.31 -r1.32 pkgsrc/www/wordpress/Makefile
(morr)
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.31 2013/03/16 07:21:26 obache Exp $ | 1 | # $NetBSD: Makefile,v 1.32 2013/06/24 16:13:21 morr Exp $ | |
2 | 2 | |||
3 | DISTNAME= wordpress-${VERSION} | 3 | DISTNAME= wordpress-${VERSION} | |
4 | VERSION= 3.5.1 | 4 | VERSION= 3.5.2 | |
5 | PKGREVISION= 1 | 5 | PKGREVISION= 1 | |
6 | CATEGORIES= www | 6 | CATEGORIES= www | |
7 | MASTER_SITES= http://wordpress.org/ | 7 | MASTER_SITES= http://wordpress.org/ | |
8 | 8 | |||
9 | MAINTAINER= morr@NetBSD.org | 9 | MAINTAINER= morr@NetBSD.org | |
10 | HOMEPAGE= http://wordpress.org/ | 10 | HOMEPAGE= http://wordpress.org/ | |
11 | COMMENT= Blogging tool written in php | 11 | COMMENT= Blogging tool written in php | |
12 | LICENSE= gnu-gpl-v2 | 12 | LICENSE= gnu-gpl-v2 | |
13 | 13 | |||
14 | USE_TOOLS+= pax | 14 | USE_TOOLS+= pax | |
15 | 15 | |||
16 | .include "../../mk/bsd.prefs.mk" | 16 | .include "../../mk/bsd.prefs.mk" | |
17 | .include "../../lang/php/phpversion.mk" | 17 | .include "../../lang/php/phpversion.mk" |
@@ -1,5 +1,5 @@ | @@ -1,5 +1,5 @@ | |||
1 | $NetBSD: distinfo,v 1.24 2013/01/27 07:51:37 morr Exp $ | 1 | $NetBSD: distinfo,v 1.25 2013/06/24 16:13:21 morr Exp $ | |
2 | 2 | |||
3 | SHA1 (wordpress-3.5.1.tar.gz) = 3c1b6e4da8132aa31408bbd2d4e86062a99b77ef | 3 | SHA1 (wordpress-3.5.2.tar.gz) = f75e9aadb1c2f754e89aacdfb5ab72bbfb10678d | |
4 | RMD160 (wordpress-3.5.1.tar.gz) = baf0460f7be83f8fc952e4b299010679e17bfd49 | 4 | RMD160 (wordpress-3.5.2.tar.gz) = 3fac241bb418350719c0cb4e5e8dfc433bb5ef11 | |
5 | Size (wordpress-3.5.1.tar.gz) = 5012722 bytes | 5 | Size (wordpress-3.5.2.tar.gz) = 4988077 bytes |