UbuntuUpdates.org

Package "wordpress-theme-twentytwelve"

Name: wordpress-theme-twentytwelve

Description:

weblog manager - twentyttwelve theme files

Latest version: 3.8.2+dfsg-1ubuntu0.1
Release: trusty (14.04)
Level: updates
Repository: universe
Head package: wordpress
Homepage: http://wordpress.org

Links


Download "wordpress-theme-twentytwelve"


Other versions of "wordpress-theme-twentytwelve" in Trusty

Repository Area Version
base universe 3.8.2+dfsg-1
security universe 3.8.2+dfsg-1ubuntu0.1

Changelog

Version: 3.8.2+dfsg-1ubuntu0.1 2014-11-22 20:06:28 UTC

  wordpress (3.8.2+dfsg-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: upstream security and bug fixes (LP: #1395336):
    - 3.8.3:
      - Post collision bug fix (wp-admin/includes/post.php)
    - 3.8.4:
      - CVE-2014-2053 (wp-includes/ID3/getid3.lib.php)
      - CVE-2014-5265 CVE-2014-5266 (wp-includes/class-IXR.php)
      - CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 (wp-includes/pluggable.php)
      - Constant time wp_verify_nonce (wp-includes/compat.php)
    - 3.8.5:
      - three cross-site scripting issues
      - cross-site request forgery to trigger password change
      - DoS when passwords are checked
      - protections against server-side request forgery attacks
      - hash collision on pre-2008 logins
      - invalidate links from password reset emails after use
 -- Kees Cook <email address hidden> Sat, 22 Nov 2014 07:50:29 -0800

1395336 security fixes since 3.8.2
CVE-2014-2053 getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a deni
CVE-2014-5265 The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations with
CVE-2014-5266 The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of ele
CVE-2014-5204 wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce ar
CVE-2014-5205 wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, whic
CVE-2014-5240 Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticat



About   -   Send Feedback to @ubuntu_updates