Security update to version 3.5.2.

Fixed issues:

* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.

2 files changed, 6 insertions, 6 deletions

diff --git a/www/wordpress/Makefile b/www/wordpress/Makefile
index f1539f05a01..dc5198f2cf0 100644
--- a/www/wordpress/Makefile
+++ b/www/wordpress/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.31 2013/03/16 07:21:26 obache Exp $
+# $NetBSD: Makefile,v 1.32 2013/06/24 16:13:21 morr Exp $
 
 DISTNAME=		wordpress-${VERSION}
-VERSION=		3.5.1
+VERSION=		3.5.2
 PKGREVISION=		1
 CATEGORIES=		www
 MASTER_SITES=		http://wordpress.org/
diff --git a/www/wordpress/distinfo b/www/wordpress/distinfo
index 3edc99ba3da..d63189f94e2 100644
--- a/www/wordpress/distinfo
+++ b/www/wordpress/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.24 2013/01/27 07:51:37 morr Exp $
+$NetBSD: distinfo,v 1.25 2013/06/24 16:13:21 morr Exp $
 
-SHA1 (wordpress-3.5.1.tar.gz) = 3c1b6e4da8132aa31408bbd2d4e86062a99b77ef
-RMD160 (wordpress-3.5.1.tar.gz) = baf0460f7be83f8fc952e4b299010679e17bfd49
-Size (wordpress-3.5.1.tar.gz) = 5012722 bytes
+SHA1 (wordpress-3.5.2.tar.gz) = f75e9aadb1c2f754e89aacdfb5ab72bbfb10678d
+RMD160 (wordpress-3.5.2.tar.gz) = 3fac241bb418350719c0cb4e5e8dfc433bb5ef11
+Size (wordpress-3.5.2.tar.gz) = 4988077 bytes