Navigation:
Browse pkgsrc
(this page) 2010-12-31 08:12:18 by Steven Drake | Files touched by this commit (2) |  |
Log message: Pullup ticket #3314 - requested by morr wordpress critical security update. Revisions pulled up: - www/wordpress/Makefile 1.14 - www/wordpress/distinfo 1.10 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: morr Date: Thu Dec 30 22:27:45 UTC 2010 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log message: Critical security update. ChangeLog: * Fix XSS vulnerabilities in the KSES library: Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). |
| 2010-12-12 16:34:39 by Matthias Scheler | Files touched by this commit (2) | |
Log message: Pullup ticket #3300 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.13 - www/wordpress/distinfo 1.9 --- Module Name: pkgsrc Committed By: morr Date: Fri Dec 10 23:34:18 UTC 2010 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log message: Security update to 3.0.3. Changes: Fixes issues in the XML-RPC remote publishing interface which under certain \ circumstances allowed Author- and Contributor-level users to improperly edit, \ publish or delete posts. |
| 2010-12-07 13:08:21 by Matthias Scheler | Files touched by this commit (3) | |
Log message: Pullup ticket #3296 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.12 - www/wordpress/PLIST 1.7 - www/wordpress/distinfo 1.8 --- Module Name: pkgsrc Committed By: morr Date: Sun Dec 5 16:46:29 UTC 2010 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log message: Security update. Changes: * Fix moderate security issue where a malicious Author-level user could gain further access to the site. * Remove pingback/trackback blogroll whitelisting feature as it can easily be abused. * Fix canonical redirection for permalinks containing %category% with nested categories and paging. * Fix occasional irrelevant error messages on plugin activation. * Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin. * Clarify the license in the readme * Multisite: Fix the delete_user meta capability * Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins * Multisite: Fix ms-files.php content type headers when requesting a URL with a query string * Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs While here, set license. |
New packages: