./www/wordpress, Blogging tool written in php

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2014Q3, Version: 4.0.1, Package name: wordpress-4.0.1, Maintainer: morr

WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability. WordPress is both free and
priceless at the same time.


Required to run:
[www/ap-php] [databases/php-mysql]

Required to build:
[www/apache22]

Package options: ap-php

Master sites:

SHA1: ef1bd7ca90b67e6d8f46dc2e2a78c0ec4c2afb40
RMD160: 09269a66df5a92716c3ba5e7d395d8805a5949ba
Filesize: 5912.845 KB

Version history: (Expand)

CVS history: (Expand)


   2014-11-25 16:04:11 by Matthias Scheler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #4559 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.43
- www/wordpress/distinfo                                        1.35

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Mon Nov 24 19:08:53 UTC 2014

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log message:
   Security update to 4.0.1.

   Changes:
   - Three cross-site scripting issues that a contributor or author could use to
     compromise a site.
   - A cross-site request forgery that could be used to trick a user into changing
     their password.
   - An issue that could lead to a denial of service when passwords are checked.
   - Additional protections for server-side request forgery attacks when WordPress
     makes HTTP requests.
   - An extremely unlikely hash collision could allow a user’s account to be
     compromised, that also required that they haven’t logged in since 2008 (I
     wish I were kidding).
   - WordPress now invalidates the links in a password reset email if the user
     remembers their password, logs in, and changes their email address.

   More details on http://codex.wordpress.org/Version_4.0.1.