Navigation:
Browse pkgsrc
(this page)
New packages:Log Message:
Pullup ticket #4559 - requested by morr
www/wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.43
- www/wordpress/distinfo 1.35
---
Module Name: pkgsrc
Committed By: morr
Date: Mon Nov 24 19:08:53 UTC 2014
Modified Files:
pkgsrc/www/wordpress: Makefile distinfo
Log Message:
Security update to 4.0.1.
Changes:
- Three cross-site scripting issues that a contributor or author could use to
compromise a site.
- A cross-site request forgery that could be used to trick a user into changing
their password.
- An issue that could lead to a denial of service when passwords are checked.
- Additional protections for server-side request forgery attacks when WordPress
makes HTTP requests.
- An extremely unlikely hash collision could allow a userâs account to be
compromised, that also required that they havenât logged in since 2008 (I
wish I were kidding).
- WordPress now invalidates the links in a password reset email if the user
remembers their password, logs in, and changes their email address.
More details on http://codex.wordpress.org/Version_4.0.1.
| Revision | Action | file |
| 1.42.2.1 | modify | pkgsrc/www/wordpress/Makefile |
| 1.34.2.1 | modify | pkgsrc/www/wordpress/distinfo |