Path to this page:
Next | Query returned 3 messages, browsing 1 to 10 | previous
CVS Commit History:
2010-12-31 08:12:18 by Steven Drake | Files touched by this commit (2) | |
Log message:
Pullup ticket #3314 - requested by morr
wordpress critical security update.
Revisions pulled up:
- www/wordpress/Makefile 1.14
- www/wordpress/distinfo 1.10
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: morr
Date: Thu Dec 30 22:27:45 UTC 2010
Modified Files:
pkgsrc/www/wordpress: Makefile distinfo
Log message:
Critical security update.
ChangeLog:
* Fix XSS vulnerabilities in the KSES library: Don't be case sensitive
to attribute names. Handle padded entities when checking for bad
protocols. Normalize entities before checking for bad protocols in
esc_url().
|
2010-12-12 16:34:39 by Matthias Scheler | Files touched by this commit (2) | |
Log message:
Pullup ticket #3300 - requested by morr
www/wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.13
- www/wordpress/distinfo 1.9
---
Module Name: pkgsrc
Committed By: morr
Date: Fri Dec 10 23:34:18 UTC 2010
Modified Files:
pkgsrc/www/wordpress: Makefile distinfo
Log message:
Security update to 3.0.3. Changes:
Fixes issues in the XML-RPC remote publishing interface which under certain \
circumstances allowed Author- and Contributor-level users to improperly edit, \
publish or delete posts.
|
2010-12-07 13:08:21 by Matthias Scheler | Files touched by this commit (3) | |
Log message:
Pullup ticket #3296 - requested by morr
www/wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.12
- www/wordpress/PLIST 1.7
- www/wordpress/distinfo 1.8
---
Module Name: pkgsrc
Committed By: morr
Date: Sun Dec 5 16:46:29 UTC 2010
Modified Files:
pkgsrc/www/wordpress: Makefile PLIST distinfo
Log message:
Security update. Changes:
* Fix moderate security issue where a malicious Author-level user could
gain further access to the site.
* Remove pingback/trackback blogroll whitelisting feature as it can
easily be abused.
* Fix canonical redirection for permalinks containing %category% with
nested categories and paging.
* Fix occasional irrelevant error messages on plugin activation.
* Minor XSS fixes in request_filesystem_credentials() and when deleting
a plugin.
* Clarify the license in the readme
* Multisite: Fix the delete_user meta capability
* Multisite: Force current_user_can_for_blog() to run map_meta_cap()
even for super admins
* Multisite: Fix ms-files.php content type headers when requesting a
URL with a query string
* Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for
upgraded WordPress MU installs
While here, set license.
|
Next | Query returned 3 messages, browsing 1 to 10 | previous