./www/wordpress, Blogging tool written in php

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2012Q1, Version: 3.3.2, Package name: wordpress-3.3.2, Maintainer: morr

WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability. WordPress is both free and
priceless at the same time.


Required to run:
[www/ap-php] [databases/php-mysql]

Required to build:
[lang/perl5] [www/apache22] [pkgtools/x11-links]

Package options: ap-php

Master sites:

SHA1: f4c0ee4d14d3364d158755072a944cd8cf685475
RMD160: 1fce1f9402308f9e4689778656a2e7e8fab45211
Filesize: 3792.644 KB

Version history: (Expand)

CVS history: (Expand)


   2012-04-25 21:13:12 by Matthias Scheler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #3756 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.25
- www/wordpress/distinfo                                        1.20

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Wed Apr 25 13:00:37 UTC 2012

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log message:
   Security update to Wordpress 3.3.2.

   Three external libraries included in WordPress received security updates:

   * Plupload (version 1.5.4), which WordPress uses for uploading media.
   * SWFUpload, which WordPress previously used for uploading media, and may \ 
still be in use by plugins.
   * SWFObject, which WordPress previously used to embed Flash content, and may \ 
still be in use by plugins and themes.

   WordPress 3.3.2 also addresses:

   * Limited privilege escalation where a site administrator could deactivate \ 
network-wide plugins when running a WordPress network under particular \ 
circumstances.
   * Cross-site scripting vulnerability when making URLs clickable.
   * Cross-site scripting vulnerabilities in redirects after posting comments in \ 
older browsers, and when filtering URLs.