Debian Linux Security Advisory 2901-3 - The update of wordpress in DSA-2901-2 introduced a wrong versioned dependency on libjs-cropper, making the package uninstallable in the oldstable distribution (squeeze). This update corrects that problem.
0a850496735e1273b3de80b8645aa4ce0b91fe70713d28fd59c990bb6585ba45-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2901-3 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
April 21, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : wordpress
CVE ID : CVE-2014-0165 CVE-2014-0166
Debian Bug : 744018
The update of wordpress in DSA-2901-2 introduced a wrong versioned
dependency on libjs-cropper, making the package uninstallable in the
oldstable distribution (squeeze). This update corrects that problem.
For reference the original advisory text follows.
Several vulnerabilities were discovered in Wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2014-0165
A user with a contributor role, using a specially crafted
request, can publish posts, which is reserved for users of the
next-higher role.
CVE-2014-0166
Jon Cave of the WordPress security team discovered that the
wp_validate_auth_cookie function in wp-includes/pluggable.php does
not properly determine the validity of authentication cookies,
allowing a remote attacker to obtain access via a forged cookie.
For the oldstable distribution (squeeze), this problem has been fixed
in version 3.6.1+dfsg-1~deb6u4.
We recommend that you upgrade your wordpress packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJTVLUPAAoJEAVMuPMTQ89EqdwP/3ayqSSOrZAYJSJO4U39wvUz
+H9BnPCkXQmqB0jL1nh8VjDC6lm9FFcK+Nm04Kd2Ema1S2pjnmfj/rZ4ektKc2Bx
4gXX7NjfAGUt+cl+9Wl8KdUJ1a+N7jLkkRxNxEItQ9cradxMbsAHZl7+oLBcAjW2
l4Mj6eya8amumDHfVbe7a/+4ex1t6Jslk0EQPCRsDOrbXPHtctvzfX8LxBtfY/XH
/ZZhXW6VsGKaZ2AfuM+tilYbPjTMqdvnCL6YrfiGStftdvlywELJw7Hnb1x9p83A
E2FGcRsjCVuy2R5zvOcPIqJJG853t8wdRe3z+xfV/tONzUnuywa1GRm/c284d+Yx
Gs8nW8+dtujIwSeGdubLwEOBc7HHvhk4/UPQpc3T6ricaupp2k42oLhB5kP3D2e9
fwNTFjULFVzrf7kfA8imroOkOPI5C57UMOTHrjdjzlPFAQC2DiUJx2UTtz/i42Ck
HOay7x/0DSe5NrENdrVwZ558Z4PW8NBvrBPOrAXeJhdVzelfbpESaJoiM/lhUm0f
T0o8H6dESm6rUlhxLxZoowTtOzg/qeduSdU7mhSGYhKYLplMv5kCGCak3z23UVGK
CLWJsKVEf8lxOn/Rzd5z8o/wqrWqLf0uRF0xQrqCCzyplV9cZXNOz/oaIu64Ajo4
r5vIZoPqbIGSopbSOae2
=bnMQ
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed