Package "wordpress-l10n"
| Name: |
wordpress-l10n
|
Description: |
weblog manager - language files
|
| Latest version: |
3.8.2+dfsg-1ubuntu0.1 |
| Release: |
trusty (14.04) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
wordpress |
| Homepage: |
http://wordpress.org |
Links
Download "wordpress-l10n"
Other versions of "wordpress-l10n" in Trusty
Changelog
|
wordpress (3.8.2+dfsg-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: upstream security and bug fixes (LP: #1395336):
- 3.8.3:
- Post collision bug fix (wp-admin/includes/post.php)
- 3.8.4:
- CVE-2014-2053 (wp-includes/ID3/getid3.lib.php)
- CVE-2014-5265 CVE-2014-5266 (wp-includes/class-IXR.php)
- CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 (wp-includes/pluggable.php)
- Constant time wp_verify_nonce (wp-includes/compat.php)
- 3.8.5:
- three cross-site scripting issues
- cross-site request forgery to trigger password change
- DoS when passwords are checked
- protections against server-side request forgery attacks
- hash collision on pre-2008 logins
- invalidate links from password reset emails after use
-- Kees Cook <email address hidden> Sat, 22 Nov 2014 07:50:29 -0800
|
| 1395336 |
security fixes since 3.8.2 |
| CVE-2014-5266 |
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of ele |
| CVE-2014-5204 |
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce ar |
| CVE-2014-5205 |
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, whic |
| CVE-2014-5240 |
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticat |
|
About
-
Send Feedback to @ubuntu_updates
