Subject: CVS commit: [pkgsrc-2012Q1] pkgsrc/www/wordpress
From: Matthias Scheler
Date: 2012-04-25 21:13:12
Message id: 20120425191312.E0128175DD@cvs.netbsd.org
Log Message:
Pullup ticket #3756 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.25
- www/wordpress/distinfo                                        1.20

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Wed Apr 25 13:00:37 UTC 2012

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to Wordpress 3.3.2.

   Three external libraries included in WordPress received security updates:

   * Plupload (version 1.5.4), which WordPress uses for uploading media.
   * SWFUpload, which WordPress previously used for uploading media, and may \ 
still be in use by plugins.
   * SWFObject, which WordPress previously used to embed Flash content, and may \ 
still be in use by plugins and themes.

   WordPress 3.3.2 also addresses:

   * Limited privilege escalation where a site administrator could deactivate \ 
network-wide plugins when running a WordPress network under particular \ 
circumstances.
   * Cross-site scripting vulnerability when making URLs clickable.
   * Cross-site scripting vulnerabilities in redirects after posting comments in \ 
older browsers, and when filtering URLs.
Files:
RevisionActionfile
1.24.4.1modifypkgsrc/www/wordpress/Makefile
1.19.4.1modifypkgsrc/www/wordpress/distinfo