diff options
author | tron <tron> | 2014-11-25 15:04:11 +0000 |
---|---|---|
committer | tron <tron> | 2014-11-25 15:04:11 +0000 |
commit | 25588350d38ce4f38035d8d779ebac5bc36d484f (patch) | |
tree | 4e4867f11a7c93f073cc84d217084addc835ffdf /print/tex-endnotes | |
parent | 518d0508780c2b9473edabf8687c44c26f80b21e (diff) | |
download | pkgsrc-25588350d38ce4f38035d8d779ebac5bc36d484f.tar.gz |
Pullup ticket #4559 - requested by morr
www/wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.43
- www/wordpress/distinfo 1.35
---
Module Name: pkgsrc
Committed By: morr
Date: Mon Nov 24 19:08:53 UTC 2014
Modified Files:
pkgsrc/www/wordpress: Makefile distinfo
Log Message:
Security update to 4.0.1.
Changes:
- Three cross-site scripting issues that a contributor or author could use to
compromise a site.
- A cross-site request forgery that could be used to trick a user into changing
their password.
- An issue that could lead to a denial of service when passwords are checked.
- Additional protections for server-side request forgery attacks when WordPress
makes HTTP requests.
- An extremely unlikely hash collision could allow a user’s account to be
compromised, that also required that they haven’t logged in since 2008 (I
wish I were kidding).
- WordPress now invalidates the links in a password reset email if the user
remembers their password, logs in, and changes their email address.
More details on http://codex.wordpress.org/Version_4.0.1.
Diffstat (limited to 'print/tex-endnotes')
0 files changed, 0 insertions, 0 deletions