Security update to version 3.5.2.

Fixed issues: * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199. * Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200. * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205. * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173. * Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204. * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201. * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203. * Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201. * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201. * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
author: morr <morr@pkgsrc.org> 2013-06-24 16:13:21 +0000
committer: morr <morr@pkgsrc.org> 2013-06-24 16:13:21 +0000
commit: d8f2d8a0e5b663bb974780d0a32c786c093faebe (patch)
tree: 5f1b4067233576bce7d531370f1fbfcc157ec553 /www/wordpress/Makefile
parent: 22fb2ffed9b7847096102b4b2c70bee4c86abf1d (diff)
download: pkgsrc-d8f2d8a0e5b663bb974780d0a32c786c093faebe.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/www/wordpress/Makefile b/www/wordpress/Makefile
index f1539f05a01..dc5198f2cf0 100644
--- a/www/wordpress/Makefile
+++ b/www/wordpress/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.31 2013/03/16 07:21:26 obache Exp $
+# $NetBSD: Makefile,v 1.32 2013/06/24 16:13:21 morr Exp $
 
 DISTNAME=		wordpress-${VERSION}
-VERSION=		3.5.1
+VERSION=		3.5.2
 PKGREVISION=		1
 CATEGORIES=		www
 MASTER_SITES=		http://wordpress.org/
author	morr <morr@pkgsrc.org>	2013-06-24 16:13:21 +0000
committer	morr <morr@pkgsrc.org>	2013-06-24 16:13:21 +0000
commit	d8f2d8a0e5b663bb974780d0a32c786c093faebe (patch)
tree	5f1b4067233576bce7d531370f1fbfcc157ec553 /www/wordpress/Makefile
parent	22fb2ffed9b7847096102b4b2c70bee4c86abf1d (diff)
download	pkgsrc-d8f2d8a0e5b663bb974780d0a32c786c093faebe.tar.gz