author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 07:56:53 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 07:56:53 +0000 |
commit | a9c818418b81b93680170e1a84d4e221e578ad2f (patch) | |
tree | 5b883aa428f1edb12f5d40f9768438ee16a7ed6b /debian/changelog | |
parent | Adding upstream version 6.4.3+dfsg1. (diff) | |
download | wordpress-a9c818418b81b93680170e1a84d4e221e578ad2f.tar.xz wordpress-a9c818418b81b93680170e1a84d4e221e578ad2f.zip |
Adding debian version 6.4.3+dfsg1-1. debian/6.4.3+dfsg1-1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 1941 |
1 files changed, 1941 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..d4862e8 --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,1941 @@ +wordpress (6.4.3+dfsg1-1) unstable; urgency=medium + + * New upstream release: + - PHP File Upload bypass via Plugin Installer (requiring admin privileges) + - An RCE POP Chains vulnerability + + -- Craig Small <csmall@debian.org> Thu, 08 Feb 2024 19:54:35 +1100 + +wordpress (6.4.2+dfsg1-1) unstable; urgency=medium + + * New upstream release + - Fixes a RCE that could be potentially exploited with some plugins, + especially multisite installations. + + -- Craig Small <csmall@debian.org> Tue, 02 Jan 2024 08:30:41 +1100 + +wordpress (6.4.1+dfsg1-1) unstable; urgency=medium + + * New upstream release + * Update to standards 4.6.2, no change + * Themes: twentytwentyone removed, new twentytwentyfour + * Update apparmor profile for jetpack-waf directory, more comments + + -- Craig Small <csmall@debian.org> Tue, 14 Nov 2023 18:04:24 +1100 + +wordpress (6.3.2+dfsg1-1) unstable; urgency=medium + + * New upstream release + + -- Craig Small <csmall@debian.org> Sun, 29 Oct 2023 21:50:25 +1100 + +wordpress (6.3.1+dfsg1-1) unstable; urgency=medium + + * New upstream release + + -- Craig Small <csmall@debian.org> Tue, 12 Sep 2023 19:36:08 +1000 + +wordpress (6.3+dfsg1-1) unstable; urgency=medium + + * New upstream release + + -- Craig Small <csmall@debian.org> Thu, 10 Aug 2023 20:53:28 +1000 + +wordpress (6.2.2+dfsg1-1) unstable; urgency=medium + + * New upstream security release Closes: #1036689 + - Block themes parsing shortcodes in user-generated data + + -- Craig Small <csmall@debian.org> Thu, 25 May 2023 20:41:51 +1000 + +wordpress (6.2.1+dfsg1-1) unstable; urgency=high + + * New upstream security release Closes: #1036296 + - CVE-2023-2745 - Directory traversal in wp_lang + + -- Craig Small <csmall@debian.org> Fri, 19 May 2023 07:40:55 +1000 + +wordpress (6.2+dfsg1-1) unstable; urgency=medium + + * New upstream release + * Removed ancient (10+ years_ news entries + + -- Craig Small <csmall@debian.org> Tue, 11 Apr 2023 22:40:41 +1000 + +wordpress 
(6.1.1+dfsg1-1) unstable; urgency=medium + + * New upstream maintenance release + + -- Craig Small <csmall@debian.org> Fri, 09 Dec 2022 21:49:35 +1100 + +wordpress (6.1+dfsg1-1) unstable; urgency=medium + + * New upstream release + * Removed TwentyTwenty theme + * Added TwentyTwentyThree theme and made it recommended + + -- Craig Small <csmall@debian.org> Sat, 12 Nov 2022 18:01:07 +1100 + +wordpress (6.0.3+dfsg1-1) unstable; urgency=high + + * New security release Closes: #1022575 + - Stored XSS via wp-mail.php (post by email) + - Open redirect in `wp_nonce_ays` + - Sender’s email address is exposed in wp-mail.php + - Media Library – Reflected XSS via SQLi + - CSRF in wp-trackback.php + - Stored XSS via the Customizer + - Revert shared user instances introduced in 50790 + - Stored XSS in WordPress Core via Comment Editing + - Data exposure via the REST Terms/Tags Endpoint + - Content from multipart emails leaked + - SQL Injection due to improper sanitization in `WP_Date_Query` + - RSS Widget: Stored XSS issue + - Stored XSS in the search block + - Feature Image Block: XSS issue + - RSS Block: Stored XSS issue + - Fix widget block XSS + + -- Craig Small <csmall@debian.org> Mon, 24 Oct 2022 21:10:11 +1100 + +wordpress (6.0.2+dfsg1-1) unstable; urgency=medium + + * New security release Closes: #1018863 + - Possible link SQL injection within the Link API + - XSS in Plugins screen + - Output escaping issue within the_meta() + + -- Craig Small <csmall@debian.org> Thu, 01 Sep 2022 18:41:07 +1000 + +wordpress (6.0+dfsg1-1) unstable; urgency=medium + + * New upstream release + * Added more suggestions for php modules + * Update standards version to 4.6.1, no changes needed. 
+ * Allow WordPress config file to be defined Closes: #834842 + + -- Craig Small <csmall@debian.org> Thu, 02 Jun 2022 16:37:59 +1000 + +wordpress (5.9.2+dfsg1-2) unstable; urgency=high + + * Fix emoji patch Closes: #1008976 + + -- Craig Small <csmall@debian.org> Wed, 06 Apr 2022 17:20:47 +1000 + +wordpress (5.9.2+dfsg1-1) unstable; urgency=medium + + * New security release Closes: #1007005, #1007145 + * Themes: 2019 removed, 2022 added + + -- Craig Small <csmall@debian.org> Sat, 12 Mar 2022 14:31:34 +1100 + +wordpress (5.8.3+dfsg1-1) unstable; urgency=high + + * Upstream security release Closes: #1003243 + - CVE-2022-21662 - Stored XSS through authenticated users + - CVE-2022-21663 - Authenticated Object Injection in Multisites + - CVE-2022-21661 - WordPress: SQL Injection through WP_Query + - CVE-2022-21664 - SQL injection due to improper sanitization + in WP_Meta_Query + + -- Craig Small <csmall@debian.org> Fri, 07 Jan 2022 15:57:14 +1100 + +wordpress (5.8.2+dfsg1-1) unstable; urgency=medium + + [ Debian Janitor ] + * Trim trailing whitespace. + * Remove 1 obsolete maintscript entry. + * Fix day-of-week for changelog entry 2.6.2-1. + * Update standards version to 4.6.0, no changes needed. 
+ + [ Craig Small ] + * New upstream release Closes: #1001462 + * Don't install ca-certificates.crt but link it Closes: #999568 + * Fix updater to complain less + * Stop auto-updates Closes: #1001623 + * Added local/apache-wordpress for AppArmor local configs + + -- Craig Small <csmall@debian.org> Mon, 20 Dec 2021 21:48:50 +1100 + +wordpress (5.8.1+dfsg1-2) unstable; urgency=high + + * Install AppArmor file in correct location + + -- Craig Small <csmall@debian.org> Mon, 20 Sep 2021 18:51:00 +1000 + +wordpress (5.8.1+dfsg1-1) unstable; urgency=medium + + * Security release + - CVE-2021-39200 - Disclosure in wp_die() Closes: #994060 + - CVE-2021-39201 - XSS in editor Closes: #994059 + * New upstream release Closes: #992302 + * Add direct FS_METHOD in mysql setup Closes: #988991 + * Add AppArmor profile + + -- Craig Small <csmall@debian.org> Sat, 11 Sep 2021 10:29:52 +1000 + +wordpress (5.7.1+dfsg1-2) unstable; urgency=medium + + * Fix symlink for 2021 theme Closes: #986085 + + -- Craig Small <csmall@debian.org> Tue, 20 Apr 2021 22:28:40 +1000 + +wordpress (5.7.1+dfsg1-1) unstable; urgency=high + + * Security release, fixes 2 bugs Closes: #987065 + - CVE-2021-29450 - Authenticated disclosure of password-protected + posts and pages. 
+ - CVE-2021-29447 - Authenticated XXE attack when installation is + running PHP 8 + + -- Craig Small <csmall@debian.org> Sat, 17 Apr 2021 08:46:05 +1000 + +wordpress (5.7+dfsg1-1) unstable; urgency=medium + + * New upstream release Closes: #984985 + + -- Craig Small <csmall@debian.org> Mon, 15 Mar 2021 08:11:27 +1100 + +wordpress (5.6.1+dfsg1-1) unstable; urgency=medium + + * New upstream release + * Added core language directory + + -- Craig Small <csmall@debian.org> Fri, 05 Feb 2021 18:53:39 +1100 + +wordpress (5.6+dfsg1-2) unstable; urgency=medium + + * Removed php5 alternative dependencies as these are only in + oldoldstable + * source-only upload for Bullseye Closes: #977517 + + -- Craig Small <csmall@debian.org> Mon, 21 Dec 2020 14:39:34 +1100 + +wordpress (5.6+dfsg1-1) unstable; urgency=medium + + * New upstream release + * Removed theme twentyseventeen + * Added theme twentytwentyone + * Update to standards version 4.5.1 + + -- Craig Small <csmall@debian.org> Thu, 17 Dec 2020 22:22:49 +1100 + +wordpress (5.5.3+dfsg1-1) unstable; urgency=high + + * Security release, fixes 8 bugs Closes: #973562 + - CVE-2020-28039: Protected meta that could lead to arbitrary + file deletion. + - CVE-2020-28035: XML-RPC privilege escalation. + - CVE-2020-28036: XML-RPC privilege escalation. + - CVE-2020-28032: Hardening deserialization requests. + - CVE-2020-28037: DoS attack could lead to RCE. + - CVE-2020-28038: Stored XSS in post slugs. + - CVE-2020-28033: Disable spam embeds from disabled sites + on a multisite network. + - CVE-2020-28034: Cross-Site Scripting (XSS) via global variables. + - CVE-2020-28040: CSRF attacks that change a theme's background image. 
+ * Removed TinyMCE build dependency as its very old + * d/dirs: Add two more language directories + + -- Craig Small <csmall@debian.org> Tue, 03 Nov 2020 17:23:49 +1100 + +wordpress (5.5.1+dfsg1-1) unstable; urgency=medium + + * New upstream release + * Remove patch CVE-2017-8295 as it is in upstream + + -- Craig Small <csmall@debian.org> Wed, 02 Sep 2020 16:25:35 +1000 + +wordpress (5.4.2+dfsg1-1) unstable; urgency=medium + + * Security release, fixes 6 security bugs Closes: #962685 + - CVE-2020-4046 + Authenticated XSS through embed block + - CVE-2020-4047 + Authenticated XSS via media attachment page + - CVE-2020-4048 + Open redirect in wp_validate_redirect() + - CVE-2020-4049 + Authenticated self-XSS via theme uploads + - CVE-2020-4050 + 'set-screen-option' filter misuse by plugins leading to privilege + escalation + * Prevent unmoderated comments from search engine indexation + + -- Craig Small <csmall@debian.org> Mon, 15 Jun 2020 07:53:44 +1000 + +wordpress (5.4.1+dfsg1-1) unstable; urgency=medium + + * Security release, fixes 6 security bugs Closes: #959391 + - CVE-2020-11025 + XSS vulnerability in the navigation section of Customizer allows + JavaScript code to be executed. + - CVE-2020-11026 + uploaded files to Media section to lead to script execution + - CVE-2020-11027 + Password reset link does not expire + - CVE-2020-11028 + Private posts can be found through searching by date + - CVE-2020-11029 + XSS in stats() method in class-wp-object-cache + - CVE-2020-11030 + Special payload can execute scripts in block editor + * Add multi-arch tags + * Update to standards 4.5.0 + + -- Craig Small <csmall@debian.org> Sat, 02 May 2020 14:21:58 +1000 + +wordpress (5.4+dfsg1-1) unstable; urgency=medium + + * New upstream source + * Remove debian.cnf call for create database Closes: #884877 + * Add note for iputils-ping required for setup-mysql. 
Closes: #944465 + * Themes: twentysixteen removed, twentytwenty added + * Themes: remove conflict with ancient wordpress + + -- Craig Small <csmall@debian.org> Sun, 05 Apr 2020 12:00:08 +1000 + +wordpress (5.3.2+dfsg1-1) unstable; urgency=high + + * Fixes some important but non-security bugs. + * Thanks to Nils Radtke <debbug@think-future.com> for + his assistance. + * Version 5.3.1 is a security release, fixes several + issues Closes: #946905 + - CVE-2019-20043 + an unprivileged user could make a post sticky via the REST API. + - CVE-2019-20042 + cross-site scripting (XSS) could be stored in well-crafted links + - CVE-2019-20041 + hardening wp_kses_bad_protocol() to ensure that it is aware + of the named colon attribute. + - CVE-2019-16780 and CVE-2019-16781 + stored XSS vulnerability using block editor content. + * Fix error in CVE-2017-14990 patch where sub-sites cannot + authenticate users. Thanks Connor for your help! + + -- Craig Small <csmall@debian.org> Fri, 27 Dec 2019 15:18:07 +1100 + +wordpress (5.2.4+dfsg1-1) unstable; urgency=high + + * Security release, fixes several issues Closes: #942459 + - CVE-2019-17674 + Stored XSS in the Customizer + - CVE-2019-17671 + Viewing unauthenticated posts + - CVE-2019-17672 + Stored XSS to inject javascript into style tags + - CVE-2019-17673 + Poisoning JSON GET requests + - CVE-2019-17669 + SSRF in URL vaidation + - CVE-2019-17675 + Referer validation in admin screens + + -- Craig Small <csmall@debian.org> Thu, 17 Oct 2019 21:32:54 +1100 + +wordpress (5.2.3+dfsg1-1) unstable; urgency=medium + + * Security release, fixes several issues Closes: #939543 + - CVE-2019-16223 + XSS in post previews + - CVE-2019-16218 + XSS in stored comments + - CVE-2019-16220 + Open redirect due to validation and sanitization + - CVE-2019-16217 + XSS in media uploads + - CVE-2019-16219 + XSS in shortcode previews + - CVE-2019-16221 + Reflected XSS in dashboard + - CVE-2019-16222 + XSS in URL sanitization + * Use replace for dh-linktrees 
for underscore-js + + -- Craig Small <csmall@debian.org> Fri, 06 Sep 2019 18:39:10 +1000 + +wordpress (5.2.2+dfsg1-1) unstable; urgency=medium + + * New upstream release + + -- Craig Small <csmall@debian.org> Tue, 25 Jun 2019 21:03:42 +1000 + +wordpress (5.2.1+dfsg1-1) unstable; urgency=medium + + * New upstream release + + -- Craig Small <csmall@debian.org> Sun, 26 May 2019 16:42:33 +1000 + +wordpress (5.1.1+dfsg1-1) unstable; urgency=medium + + * New upstream release + * Fixes XSS security hole in comments CVE-2019-9787 Closes: #924546 + * Added new/better config example + + -- Craig Small <csmall@debian.org> Thu, 14 Mar 2019 22:10:00 +1100 + +wordpress (5.0.3+dfsg1-1) unstable; urgency=medium + + * New upstream release + * Update to Debian standards 4.3.0 + + -- Craig Small <csmall@debian.org> Tue, 05 Feb 2019 22:23:39 +1100 + +wordpress (5.0.2+dfsg1-1) unstable; urgency=medium + + * New upstream release + + -- Craig Small <csmall@debian.org> Fri, 28 Dec 2018 16:00:13 +1100 + +wordpress (5.0.1+dfsg1-1) unstable; urgency=high + + * New upstream source. 
fixes 7 Security issues Closes: #916403 + - CVE-2018-20147 + Delete files through altered meta data + - CVE-2018-20152 + Create posts of unauthorized post types + - CVE-2018-20148 + PHP object injection through crafted meta data + - CVE-2018-20153 + Edit other users comments, leading to XSS + - CVE-2018-20150 + XSS in plugins through crafted URL inputs + - CVE-2018-20151 + User activation screen visible to search engines + - CVE-2018-20149 + Bypass MIME verification causing XSS + * Themes: Remove twentyfifteen, add twentynineteen and make default + * Remove remote emojis + + -- Craig Small <csmall@debian.org> Sun, 16 Dec 2018 10:45:32 +1100 + +wordpress (4.9.8+dfsg1-2) UNRELEASED; urgency=medium + + * d/copyright: Use https protocol in Format field + * d/changelog: Remove trailing whitespaces + + -- Ondřej Nový <onovy@debian.org> Mon, 01 Oct 2018 10:34:25 +0200 + +wordpress (4.9.8+dfsg1-1) unstable; urgency=medium + + * New upstream source + Verify plugin uploads CVE-2018-14028 Closes: #906565 + + -- Craig Small <csmall@debian.org> Tue, 21 Aug 2018 20:47:44 +1000 + +wordpress (4.9.7+dfsg1-1) unstable; urgency=high + + * New upstream source + * Fix directory traversal in thumb parameter + CVE-2018-12895 Closes: #902876 + + -- Craig Small <csmall@debian.org> Sat, 07 Jul 2018 22:29:18 +1000 + +wordpress (4.9.5+dfsg1-1) unstable; urgency=medium + + * New upstream source, fixes 3 Security issues Closes: #895034 + - CVE-2018-10101 + Don't treat localhost as same host by default. 
+ - CVE-2018-10100 + Use safe redirects when redirecting login page if SSL is forced + - CVE-2018-10102 + Make sure version string is correctly escaped for use in + generator tags + * Update to standards version 4.1.4 + * Remove get-orig-source in rules and use uscan + + -- Craig Small <csmall@debian.org> Sun, 08 Apr 2018 08:11:40 +1000 + +wordpress (4.9.4+dfsg-1) unstable; urgency=medium + + * New upstream release + * Removed remove_jshint patch as upstream has found a different hinter + + -- Craig Small <csmall@debian.org> Fri, 09 Feb 2018 21:35:34 +1100 + +wordpress (4.9.2+dfsg-1) unstable; urgency=high + + * New upstream security release Closes: #887596 + and resolves CVE-2018-5776 + * Update standards version to 4.1.3 - no change + + -- Craig Small <csmall@debian.org> Sat, 20 Jan 2018 18:02:18 +1100 + +wordpress (4.9.1+dfsg-1) unstable; urgency=high + + * New upstream release + * Release 4.9 was never packaged due to licensing problems + * This release fixes 6 security issues Closes: #883314 + - CVE-2017-17091 + Use a properly generated hash for the newbloguser key instead + of a determinate substring. 
+ - CVE-2017-17092 + Remove the ability to upload JavaScript files for users who + do not have the unfiltered_html capability + - CVE-2017-17093 + Add escaping to the language attributes used on html elements + - CVE-2017-17094 + Ensure the attributes of enclosures are correctly escaped in + RSS and Atom feeds + * Updated to standards 4.1.1 + * New linting for Javascript is disabled due to jshint.js licensing + issues + + -- Craig Small <csmall@debian.org> Sat, 09 Dec 2017 16:57:09 +1100 + +wordpress (4.8.3+dfsg-1) unstable; urgency=high + + * New upstream security release Closes: #880528 + + -- Craig Small <csmall@debian.org> Thu, 02 Nov 2017 22:16:15 +1100 + +wordpress (4.8.2+dfsg-2) unstable; urgency=high + + * Hash user activation key Closes: #877629 + Fixes CVE-2017-14990 + + -- Craig Small <csmall@debian.org> Wed, 04 Oct 2017 21:59:11 +1100 + +wordpress (4.8.2+dfsg-1) unstable; urgency=high + + * New upstream security release fixes 9 security issues closes: #876274 + - CVE-2017-14723 + $wpdb->prepare() can create unexpected and unsafe queries leading to + potential SQL injection (SQLi) + - CVE-2017-14724 + Cross-site scripting (XSS) vulnerability in the oEmbed discovery + - CVE-2017-14726 + Cross-site scripting (XSS) vulnerability in the visual editor + - CVE-2017-14719 + Path traversal vulnerability in the file unzipping code + - CVE-2017-14721 + Cross-site scripting (XSS) vulnerability in the plugin editor + - CVE-2017-14725 + Open redirect in the user and term edit screens + - CVE-2017-14722 + Path traversal vulnerability in the customizer + - CVE-2017-14720 + Cross-site scripting (XSS) vulnerability in template names + - CVE-2017-14718 + Cross-site scripting (XSS) vulnerability in the link modal + + -- Craig Small <csmall@debian.org> Fri, 22 Sep 2017 21:57:06 +1000 + +wordpress (4.8.1+dfsg-1) unstable; urgency=medium + + * New upstream release + + -- Craig Small <csmall@debian.org> Thu, 03 Aug 2017 21:35:33 +1000 + +wordpress (4.8+dfsg-1) unstable; 
urgency=medium + + * New upstream release + + -- Craig Small <csmall@debian.org> Fri, 09 Jun 2017 22:43:40 +1000 + +wordpress (4.7.5+dfsg-2) unstable; urgency=medium + + * Don't trust SERVER_NAME variable for emails + CVE-2017-8295 Closes: #862053 + + -- Craig Small <csmall@debian.org> Mon, 05 Jun 2017 21:45:59 +1000 + +wordpress (4.7.5+dfsg-1) unstable; urgency=high + + * New upstream release fixes 6 security issues Closes: #862816 + - CVE-2017-9066 + Insufficient redirect validation in the HTTP class. + - CVE-2017-9062 + Improper handling of post meta data values in the XML-RPC API. + - CVE-2017-9065 + Lack of capability checks for post meta data in the XML-RPC API. + - CVE-2017-9064 + A Cross Site Request Forgery (CRSF) vulnerability was discovered + in the filesystem credentials dialog. + - CVE-2017-9061 + A cross-site scripting (XSS) vulnerability was discovered when + attempting to upload very large files. + - CVE-2017-9063 + A cross-site scripting (XSS) vulnerability was discovered related + to the Customizer. + + -- Craig Small <csmall@debian.org> Wed, 17 May 2017 22:28:18 +1000 + +wordpress (4.7.4+dfsg-1) unstable; urgency=medium + + * New upstream maintenance release + + -- Craig Small <csmall@debian.org> Sat, 22 Apr 2017 09:01:42 +1000 + +wordpress (4.7.3+dfsg-1) unstable; urgency=high + + * New upstream release fixes 6 security issues Closes: #857026 + - CVE-2017-6814 + Cross-site scripting (XSS) via media file metadata. + - CVE-2017-6815 + Control characters can trick redirect URL validation. + - CVE-2017-6816 + Unintended files can be deleted by administrators using the plugin + deletion functionality. + - CVE-2017-6817 + Cross-site scripting (XSS) via video URL in YouTube embeds. + - CVE-2017-6818 + Cross-site scripting (XSS) via taxonomy term names. + - CVE-2017-6819 + Cross-site request forgery (CSRF) in Press This leading to excessive + use of server resources. 
+ + -- Craig Small <csmall@debian.org> Tue, 07 Mar 2017 21:59:02 +1100 + +wordpress (4.7.2+dfsg-1) unstable; urgency=high + + * New upstream release fixes 3 security issues Closes: #852767 + - CVE-2017-5610 + The user interface for assigning taxonomy terms in Press This is + shown to users who do not have permissions to use it. + - CVE-2017-5611 + WP_Query is vulnerable to a SQL injection (SQLi) + - CVE-2017-5612 + XSS in the posts list table + + -- Craig Small <csmall@debian.org> Sun, 29 Jan 2017 08:22:44 +1100 + +wordpress (4.7.1+dfsg-1) unstable; urgency=high + + * New upstream release fixes 8 security issues, Closes: #851310 + - CVE-2017-5493 + Cryptographically Weak Pseudo-Random Number Generator + - CVE-2017-5492 + Accessibility Mode Cross-Site Request Forgery (CSRF) + - CVE-2017-5491 + Post via Email Checks mail.example.com by Default + CVE-2017-5490 + - Stored Cross-Site Scripting (XSS) via Theme Name fallback + CVE-2017-5489 + - Cross-Site Request Forgery (CSRF) via Flash Upload + CVE-2017-5488 + - Authenticated Cross-Site scripting (XSS) in update-core.php + CVE-2017-5487 + - User Information Disclosure via REST API + CVE-2016-10066 + - Potential Remote Command Execution (RCE) in PHPMailer + + -- Craig Small <csmall@debian.org> Sat, 14 Jan 2017 09:30:12 +1100 + +wordpress (4.7+dfsg-2) unstable; urgency=medium + + * Add virtual-mysql-* as an option Closes: #847597 + + -- Craig Small <csmall@debian.org> Sat, 10 Dec 2016 06:57:01 +1100 + +wordpress (4.7+dfsg-1) unstable; urgency=medium + + * New upstream release + * Removed theme twentyfourteen + * Added new theme twentyseventeen + + -- Craig Small <csmall@debian.org> Wed, 07 Dec 2016 22:14:14 +1100 + +wordpress (4.6.1+dfsg-2) unstable; urgency=medium + + * Remove -e from for loop Closes: #845388 + * Thanks to Santiago Vila for above patch + * Update and fix the language files + + -- Craig Small <csmall@debian.org> Wed, 30 Nov 2016 22:40:08 +1100 + +wordpress (4.6.1+dfsg-1) unstable; urgency=medium + + * New 
upstream security release, Closes: #837090, fixes CVE-2016-6896, + CVE-2016-6897, CVE-2016-7168 and CVE-2016-7169. + + -- Craig Small <csmall@debian.org> Fri, 09 Sep 2016 21:56:22 +1000 + +wordpress (4.5.3+dfsg-1) unstable; urgency=medium + + * New upstream release, various security fixes + * Update tinymce missing sources + + -- Craig Small <csmall@debian.org> Thu, 23 Jun 2016 22:18:26 +1000 + +wordpress (4.5.2+dfsg-2) unstable; urgency=medium + + * Updated language files Closes: #772498 + * Add alias to nginx example configuration + * Add warning in description and README about googleapis + Closes: #781449 + + -- Craig Small <csmall@debian.org> Mon, 13 Jun 2016 12:29:11 +1000 + +wordpress (4.5.2+dfsg-1) unstable; urgency=high + + * New upstream release + * Fixes reflected XSS attack in plupload Closes: #823640 + * Do not use old mediaelelement + + -- Craig Small <csmall@debian.org> Sat, 07 May 2016 12:39:47 +1000 + +wordpress (4.5.1+dfsg-1) unstable; urgency=medium + + * New upstream release + * Update to standard version 3.9.8 + + -- Craig Small <csmall@debian.org> Mon, 02 May 2016 22:18:13 +1000 + +wordpress (4.5+dfsg-1) unstable; urgency=medium + + * New upstream release + + -- Craig Small <csmall@debian.org> Wed, 13 Apr 2016 21:07:16 +1000 + +wordpress (4.4.2+dfsg-3) unstable; urgency=medium + + * Keep php5* alternates Closes: #820288 + + -- Craig Small <csmall@debian.org> Thu, 07 Apr 2016 21:28:32 +1000 + +wordpress (4.4.2+dfsg-2) unstable; urgency=medium + + * Update libphp-phpmailer dependency Closes: #818870 + * Update to non-version PHP dependencies + * Update to standards 3.9.7 no change + + -- Craig Small <csmall@debian.org> Tue, 05 Apr 2016 22:13:33 +1000 + +wordpress (4.4.2+dfsg-1) unstable; urgency=medium + + * New upstream release Closes: #813697 + * Fixes open redirection attack CVE-2016-2221 + * Fixes possible SSRF for local URIs CVE-2016-2222 + + -- Craig Small <csmall@debian.org> Fri, 05 Feb 2016 20:34:42 +1100 + +wordpress (4.4.1+dfsg-1) 
unstable; urgency=medium + + * New upstream release + * Fixes XSS vulnerability CVE-2016-1564 Closes: #810325 + + -- Craig Small <csmall@debian.org> Fri, 08 Jan 2016 22:05:11 +1100 + +wordpress (4.4+dfsg-1) unstable; urgency=medium + + * New upstream release + * Add languages directory to install Closes: #798382 + * Update the setup-mysql script to use correct wp-content dirs + Closes: #755530, #311821, #732134, #783331 + * Updated language files + + -- Craig Small <csmall@debian.org> Fri, 11 Dec 2015 21:37:01 +1100 + +wordpress (4.3.1+dfsg-1) unstable; urgency=medium + + * New upstream release + * Fixes CVE-2015-5714 CVE-2015-5715 Closes: #799140 + + -- Craig Small <csmall@debian.org> Fri, 18 Sep 2015 20:54:53 +1000 + +wordpress (4.3+dfsg-2) unstable; urgency=medium + + * Backport changeset 33646 to fix cron entries Closes: #798350 + + -- Craig Small <csmall@debian.org> Tue, 08 Sep 2015 22:22:11 +1000 + +wordpress (4.3+dfsg-1) unstable; urgency=medium + + * New upstream release + * Adjusted some wp-content directories + * Added symlink for themes + + -- Craig Small <csmall@debian.org> Wed, 19 Aug 2015 22:48:32 +1000 + +wordpress (4.2.4+dfsg-1) unstable; urgency=high + + * New upstream release + * Security fix for 3 XSS and a SQL injection bugs Closes: #794560 + + -- Craig Small <csmall@debian.org> Tue, 04 Aug 2015 22:48:41 +1000 + +wordpress (4.2.3+dfsg-1) unstable; urgency=medium + + * New upstream release + * Moved theme to Recommends Closes: #784689 + * Remove reference to TODO Closes: #786427 + + -- Craig Small <csmall@debian.org> Fri, 24 Jul 2015 20:54:50 +1000 + +wordpress (4.2.2+dfsg-1) unstable; urgency=medium + + * New upstream release + * Fixes security bug in themes on genericons Closes: #784603 + + -- Craig Small <csmall@debian.org> Wed, 13 May 2015 22:32:03 +1000 + +wordpress (4.2.1+dfsg-1) unstable; urgency=high + + * New Security release Closes: #783554 + * Patches another XSS due to field length + + -- Craig Small <csmall@debian.org> Tue, 28 Apr 
2015 08:32:48 +1000 + +wordpress (4.2+dfsg-1) unstable; urgency=high + + * New upstream release + * Fixes security bugs: + - XSS vulnerability + - files with invalid or unsafe names could be added + - another limited XSS + - some plugins vulnerable to SQL injection + * README.debian: Added permission note for config file Closes: #773079 + * Added php5-ssh2 to suggests Closes: 783333 + * Added nginx/php5-fpm example Closes: #783334 + + -- Craig Small <csmall@debian.org> Sun, 26 Apr 2015 21:35:58 +1000 + +wordpress (4.1.1+dfsg-1) unstable; urgency=medium + + * New upstream release + + -- Craig Small <csmall@debian.org> Sat, 28 Feb 2015 11:17:46 +1100 + +wordpress (4.1+dfsg-1) unstable; urgency=medium + + * New upstream release + * Changed trigger to noawait Closes: #772862 + * Updated apache example Closes: #773075 + * Updated to standards 3.9.6 + * Added getid3 and mediaelement to linktree Closes: #762523 + * Removed two unbuildable mediaelement files + + -- Craig Small <csmall@debian.org> Sat, 20 Dec 2014 15:31:21 +1100 + +wordpress (4.0.1+dfsg-2) unstable; urgency=medium + + * Fixed i18n updates + * twentyfourteen theme has translations Closes: #772205 + + -- Craig Small <csmall@debian.org> Sat, 06 Dec 2014 18:54:49 +1100 + +wordpress (4.0.1+dfsg-1) unstable; urgency=high + + * New upstream release + * Fixes several security bugs Closes: #770425 + - Three cross-site scripting issues that a contributor or + author could use to compromise a site. + - A cross-site request forgery that could be used to trick a + user into changing their password. + - An issue that could lead to a denial of service when + passwords are checked. + - Additional protections for server-side request forgery + attacks when WordPress makes HTTP requests. + - An extremely unlikely hash collision could allow a user’s + account to be compromised, that also required that they + haven’t logged in since 2008. 
+ - WordPress now invalidates the links in a password reset email + if the user remembers their password, logs in, and changes + their email address. + + -- Craig Small <csmall@debian.org> Sat, 22 Nov 2014 19:29:37 +1100 + +wordpress (4.0+dfsg-1) unstable; urgency=medium + + * New upstream release + + -- Craig Small <csmall@debian.org> Fri, 05 Sep 2014 20:58:06 +1000 + +wordpress (3.9.2+dfsg-1) unstable; urgency=high + + * New Upstream release + * Fixes XML Security bug Closes: #757312 + + -- Craig Small <csmall@debian.org> Thu, 07 Aug 2014 18:26:39 +1000 + +wordpress (3.9.1+dfsg-1) unstable; urgency=medium + + * New upstream release + * Use system CA certificate file Closes: #748965 + + -- Craig Small <csmall@debian.org> Wed, 11 Jun 2014 22:33:48 +1000 + +wordpress (3.9+dfsg-1) unstable; urgency=medium + + * New upstream release + * 3.9 seems to handle different locations for plugins so the + plugin directory handling patches have been cut back. + + -- Craig Small <csmall@debian.org> Thu, 17 Apr 2014 20:56:19 +1000 + +wordpress (3.8.3+dfsg-1) unstable; urgency=medium + + * New upstream release - fixes Quick Draft tool that broke in 3.8.2 + + -- Craig Small <csmall@debian.org> Wed, 16 Apr 2014 22:48:26 +1000 + +wordpress (3.8.2+dfsg-1) unstable; urgency=high + + * New upstream release Fixes CVE-2014-0165, CVE-2014-0166 + and Closes: #744018 + + -- Craig Small <csmall@debian.org> Wed, 09 Apr 2014 22:13:54 +1000 + +wordpress (3.8.1+dfsg1-2) unstable; urgency=medium + + * Updated copyright file Closes: #736514 + + -- Craig Small <csmall@debian.org> Fri, 14 Feb 2014 22:03:49 +1100 + +wordpress (3.8.1+dfsg1-1) unstable; urgency=medium + + * Added Breaks/Replaces for combined wordpress Closes: #736688 + * Removed moxieplayer.swf and added missing sources Closes: #736804 + + -- Craig Small <csmall@debian.org> Thu, 06 Feb 2014 22:42:07 +1100 + +wordpress (3.8.1+dfsg-1) unstable; urgency=medium + + * New upstream release. 
+ * Depend on either mysql or mariadb client Closes: #732914 + + -- Craig Small <csmall@debian.org> Fri, 24 Jan 2014 22:20:08 +1100 + +wordpress (3.8+dfsg-1) unstable; urgency=low + + [ Pablo Vazquez Martinez ] + * Split themes in different binary packages. Closes: #723819 + + [ Craig Small ] + * New upstream release. Closes: #733726 + * Update Standards-Version to 3.9.5. + * New Maintainer + + -- Craig Small <csmall@debian.org> Wed, 22 Jan 2014 22:28:02 +1100 + +wordpress (3.7.1+dfsg-1) unstable; urgency=low + + * New upstream release. + * Enable usage of php5-mysqlnd as an alternative to php5-mysql. + Closes: #722552 + * Improve wp-setup to cope with plugins/themes directories with + spaces. Thanks to Oskar Liljeblad <oskar@osk.mine.nu> for the patch. + Closes: #723074 + * Refresh patches + + -- Raphaël Hertzog <hertzog@debian.org> Wed, 13 Nov 2013 20:41:09 +0100 + +wordpress (3.6.1+dfsg-1) unstable; urgency=high + + * New upstream security release. Fixes CVE-2013-4338 CVE-2013-4339 + CVE-2013-4340. Closes: #722537 + + -- Raphaël Hertzog <hertzog@debian.org> Thu, 12 Sep 2013 07:58:57 +0200 + +wordpress (3.6+dfsg-1) unstable; urgency=low + + * New upstream release. + * Improve wp-settings to verify that $_SERVER['HTTP_X_FORWARDED_PROTO'] + exists before accessing it (avoids a PHP notice). + Thanks to Paul Dreik <slask@pauldreik.se> for the report and the patch. + * Document in README.Debian the need to login to /wp-admin/ to complete + an upgrade. + * Drop useless debian/README.source + * Drop 008CVE2008-2392.patch since upstream now disables unfiltered + uploads by default. See http://core.trac.wordpress.org/ticket/10692 + * Drop 009CVE2008-6767.patch since the backto parameter is validated + against a whitelist, and externally triggered upgrades are not a + security problem as long as they work. + * Update debian/missing-sources with latest versions. + * Update upstream l10n. 
+ + -- Raphaël Hertzog <hertzog@debian.org> Wed, 04 Sep 2013 23:18:58 +0200 + +wordpress (3.5.2+dfsg-1) unstable; urgency=low + + * New upstream release with many security fixes. Closes: #713947 + * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199. + * Privilege Escalation: Contributors can publish posts, and users can + reassign authorship. CVE-2013-2200. + * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205. + * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173. + * Content Spoofing via Flash Applet in TinyMCE Media Plugin. + CVE-2013-2204. + * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201. + * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203. + * Additional security hardening includes: + * Cross-Site Scripting (XSS) (Low Severity) when Editing Media. + CVE-2013-2201. + * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating + Plugins/Themes. CVE-2013-2201. + * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202. + * Update the Vcs-Git and Vcs-Browser URLs. + * Update Standards-Version to 3.9.4. + + -- Raphaël Hertzog <hertzog@debian.org> Tue, 25 Jun 2013 15:52:07 +0200 + +wordpress (3.5.1+dfsg-2) unstable; urgency=low + + * Only replace tinymce files by symlinks if the content is exactly the same. + Closes: #700289 + * Update debian/get-upstream-i18n to include supplementary PO files + and use a more efficient method to update them. Closes: #697208 + + -- Raphaël Hertzog <hertzog@debian.org> Mon, 11 Feb 2013 13:56:18 +0100 + +wordpress (3.5.1+dfsg-1) unstable; urgency=low + + * New upstream maintenance and security release. Closes: #698916 + + -- Raphaël Hertzog <hertzog@debian.org> Mon, 28 Jan 2013 17:15:27 +0100 + +wordpress (3.5+dfsg-1) unstable; urgency=low + + * New upstream release. + * Fix sample apache.conf so that Alias directives are in the proper order + (from the most specific to the less specific). Closes: #693122 + Thanks to Jérôme Marant for the report. 
+ * Update debian/missing-sources/ with latest upstream changes. + * Update all translations. + * Try to deduplicate (i.e. replace with symlinks) backbone.js and + underscore.js too. + * Drop debian/patches/006rss_language.patch, the rss_language option + is no longer used. + * Update/refresh all other patches on top of the new release. + * Update lintian overrides and debian/wordpress.linktrees to match the + latest changes concerning javascript libraries shipped by WordPress. + * Document the loss of the twentyten theme. + + -- Raphaël Hertzog <hertzog@debian.org> Fri, 21 Dec 2012 14:17:50 +0100 + +wordpress (3.4.2+dfsg-1) unstable; urgency=low + + * New upstream security & bugfix release. + * Also setup languages symlink in setup-mysql. Closes: #684628 + Thanks to Jun NOGATA <nogajun@gmail.com> for the analysis. + * Add new patch 011support-symlinks-for-plugins.patch grabbed + in the upstream ticket to allow plugin directories to be + symlinks (which is required for the Debian package since + we put symlinks in /var/lib/wordpress/wp-content/plugins/). + Closes: #686228 + + -- Raphaël Hertzog <hertzog@debian.org> Wed, 12 Sep 2012 14:52:14 +0200 + +wordpress (3.4.1+dfsg-1) unstable; urgency=high + + * New upstream security & bugfix release. Closes: #680721 + Fixes CVE-2012-3383, CVE-2012-3384, CVE-2012-3385. + + -- Raphaël Hertzog <hertzog@debian.org> Tue, 03 Jul 2012 08:36:08 +0200 + +wordpress (3.4+dfsg-3) unstable; urgency=low + + * [f7a1c09] Drop useless postrm. + * [d92219b] Add a prerm script calling wp-setup --purge-wp-content on + remove. Closes: #678842 + * [2fbf903] Allow wp-setup to symlink files as well as directories. + * [cef928f] Let wp-setup also manage + /var/lib/wordpress/wp-content/languages/. + * [ac86408] Densify output of wp-setup. 
+ + -- Raphaël Hertzog <hertzog@debian.org> Tue, 26 Jun 2012 10:47:25 +0200 + +wordpress (3.4+dfsg-2) unstable; urgency=low + + * [2e63535] Merge unused debian/NEWS into debian/wordpress.NEWS so that + users are correctly informed of the latest changes. + * [e3b7b1c] Improve preinst to also move the + /usr/share/wordpress/wp-content/uploads directory to its new location in + /var/lib/wordpress/wp-content/. The package never created this directory + but many users probably created it and we need to do this to let dpkg + install the symlink that we put into place. + * [5c0a29b] Add a trigger that watches /usr/share/wordpress/wp-content. + When activated, it will execute wp-setup --sync-wp-content + which updates /var/lib/wordpress/wp-content/ with symlinks + to plugins/themes that have been added and it drops symlinks + to plugins/themes which have disappeared. (Closes: #677889) + + -- Raphaël Hertzog <hertzog@debian.org> Thu, 21 Jun 2012 20:44:53 +0200 + +wordpress (3.4+dfsg-1) unstable; urgency=low + + * New upstream release. Closes: #677534 + + [ Raphaël Hertzog ] + * [a1c0409] Refresh and update all patches to correctly apply on version + 3.4. + * [3804496] Update debian/missing-sources/ to match the current versions of + embedded javascript and flash files. + * [185b051] Drop the old "default" theme (and its French translation) + * [966ce6c] Grab latest translations + * [1983326] Update Standards-Version to 3.9.3 (no change). + * [29c48b6] Increase debhelper compat level to 9. + * [73e16d0] Replace debian/dh_linktree by the packaged version. + * [359b660] Update debian/wordpress.linktrees to match latest developments. + * [645b650] Let setup-mysql lowercase the FQDN since the configuration + scheme expects this. 
Thanks to Chris Butler <chrisb@debian.org> for the + report (Closes: #658395) + * [5433e90] Fix setup-mysql to avoid creating /srv/www with restricted + permissions (Closes: #616400) + * [dd2ef1d] Move back wp-config.php to /usr/share/wordpress/ since it's only + a dispatcher to the real configuration file (Closes: #592502) + * [b602372] Improve wp-config.php so that WordPress works behind an https + reverse-proxy. + * [ba0b729] Entirely update and rewrite README.debian. (Closes: #575985, + #639980) + * [683a908] Update wp-config.php to not redefine constants which have + already been set. Thanks to Richard van den Berg <richard@vdberg.org> for + the report. (Closes: #613283) + * [315eb68] Let wordpress-l10n depend on the same version than wordpress. + (Closes: #623557) + * [a6d0b9f] Default configuration now sets WP_CONTENT_DIR to + /var/lib/wordpress/wp-content. And the package provides this new directory + appropriately setup with write rights to www-data on blogs.dir and + uploads. themes and plugins are root-owned directories with symlinks + pointing back to the default themes and plugins. (Closes: #675469) + * [4db98c6] Update setup-mysql to use WP_CONTENT_DIR (and no longer use + $upload_dir). (Closes: #658508) + * [a1970da] Extend debian/wordpress.linktrees to cover swfobject.js. + * [8d46dab] Use dpkg-maintscript-helper to drop obsolete + /etc/wordpress/wp-config.php + + [ Martin Bagge / brother ] + * [56d0a34] Improve the setup script to be able to use a remote MySQL + server. + + -- Raphaël Hertzog <hertzog@debian.org> Sat, 16 Jun 2012 01:19:20 +0200 + +wordpress (3.3.2+dfsg-1) unstable; urgency=high + + * New upstream security release. Closes: #670124 + * Use the embedded copy of SimplePie until #669054 is resolved. + + -- Raphaël Hertzog <hertzog@debian.org> Tue, 24 Apr 2012 00:31:42 +0200 + +wordpress (3.3.1+dfsg-1) unstable; urgency=low + + * New upstream security release. Fixes CVE-2012-0287. 
+ + -- Raphaël Hertzog <hertzog@debian.org> Wed, 04 Jan 2012 10:15:05 +0100 + +wordpress (3.3+dfsg-1) unstable; urgency=low + + * New upstream release. Closes: #652041 + * [4deb832] Add all the missing sources in debian/missing-sources/. + (Closes: #646729) + * [913eba5] Refresh all patches. + * [ae61778] Use xz compression for the debian tarball to save some space. + + -- Raphaël Hertzog <hertzog@debian.org> Tue, 20 Dec 2011 01:01:50 +0100 + +wordpress (3.2.1+dfsg-3) unstable; urgency=medium + + * Upload with urgency medium to speed up a bit the transition to testing + since the testing version is broken. + * [72d01a3] Improve dh_linktree. + It is now able to generate dependencies and to have different behaviour + for each file to replace. Modify wordpress.linktrees to ensure we have + the very same JQuery files but blindly replaces all the other files. + Drop the explicit dependencies in favor of the autogenerated dependencies. + As a side-effect this fixes installation of widgets which was broken + by the mismatch of some JQuery ui files. + * [bbce711] Add lintian overrides for warnings about the embedded copy of JQuery. + We do a reasonable effort to replace it if it matches. + + -- Raphaël Hertzog <hertzog@debian.org> Thu, 27 Oct 2011 16:01:49 +0200 + +wordpress (3.2.1+dfsg-2) unstable; urgency=low + + * [af74ce2] Add a preinst to drop symlinks to directories for tinymce + and cropper. The new dh_linktree only symlinks files and hierarchies are + duplicated. So we have to drop symlinks to directories in the preinst, + otherwise dpkg installs the new symlinks in the tinymce/cropper + directories instead of in the wordpress ones. + Also drop the upgrade code in the postinst converting the same directories + into symlinks... (Closes: #639733) + * [0b51c4f] Invite users affected by #639733 to reinstall + tinymce/libjs-cropper. + * [55af033] Fix invalid test in postinst (upgrade → configure) + "upgrade" is not a valid parameter in the postinst. 
Instead + we get "configure". + + -- Raphaël Hertzog <hertzog@debian.org> Sat, 22 Oct 2011 17:01:25 +0200 + +wordpress (3.2.1+dfsg-1) unstable; urgency=low + + [ Paul Tagliamonte ] + * [c5e4b2c] Added a get-orig-source target to recreate the DFSG-clean + tarball. It drops all the sourceless flash files. Closes: #625773 + + [ Raphaël Hertzog ] + * [d1035bd] Imported Upstream version 3.2.1+dfsg + * [b968405] Update and refresh all patches. + * [10ab97c] Drop manifest.patch because the description in its header + doesn't make any sense. + * [87537db] Update dependencies as per new upstream requirements. + * [0c534ec] Update packaging to avoid using even more embedded PHP/JS + libraries. + * [ec5c11e] Use a new dh_linktree to replace embedded PHP/JS libraries. + * [8690719] Add lintian override for embedded-php-library streams.php since + it's a false positive. + * [83c15bc] Upgrade Standards-Version to 3.9.2 (no changes needed). + * [938fb15] Update internationalization files. + * [6ac0357] Install class-smtp.php and class-phpmailer.php so that they can + be replaced by dh_linktree. 
+ + -- Raphaël Hertzog <hertzog@debian.org> Mon, 08 Aug 2011 23:06:20 +0200 + +wordpress (3.0.5+dfsg-1) unstable; urgency=medium + + * [077b77b] Imported Upstream version 3.0.5+dfsg + * [8d1ce17] Refreshed patches + + -- Giuseppe Iuculano <iuculano@debian.org> Fri, 11 Feb 2011 17:50:40 +0100 + +wordpress (3.0.4+dfsg-1) unstable; urgency=high + + * [9d62499] Imported Upstream version 3.0.4+dfsg + - This is critical security update, more info: http://wp.me/pZhYe-qt + + -- Giuseppe Iuculano <iuculano@debian.org> Thu, 30 Dec 2010 14:47:40 +0100 + +wordpress (3.0.3.dfsg-1) unstable; urgency=high + + * [e113893] Imported Upstream version 3.0.3.dfsg + - Re-packaged without the hello dolly plugin (Closes: #607240) + * [9d62cfd] Removed hello.patch + + -- Giuseppe Iuculano <iuculano@debian.org> Tue, 28 Dec 2010 17:22:34 +0100 + +wordpress (3.0.3-1) unstable; urgency=high + + * [014c926] Imported Upstream version 3.0.3 (Closes: #606657) + * [f29b6ac] Use GPL-compliant lyrics in the hello dolly plugin. + (Closes: #607240) + + -- Giuseppe Iuculano <iuculano@debian.org> Fri, 17 Dec 2010 11:03:55 +0100 + +wordpress (3.0.2-1) unstable; urgency=high + + [ Raphaël Hertzog ] + * [9d6922c] Improve wp-config.php to support sites on subdomains and + htaccess by providing directives ready to uncomment + + [ Giuseppe Iuculano ] + * [1dc32d3] Imported Upstream version 3.0.2 (Closes: #605880) + - Author level SQL injection vulnerability fixed (Closes: #605603) + * [b4f2869] Refreshed debian/patches/001readme.patch + * [612c23f] Remove flv_player.swf from manifest.php (Closes: #602732) + + -- Giuseppe Iuculano <iuculano@debian.org> Tue, 07 Dec 2010 08:43:38 +0100 + +wordpress (3.0.1-2) unstable; urgency=low + + * [e8a913f] Remove swfupload.swf from the binary package, as it cannot + be built from source, violating the Policy. 
(Closes: #591195) + * [92493d0] Document in Readme.Debian how to get swfupload.swf + * [3663a53] debian/get-upstream-i18n: download also configuration + files for RTL-languages (Closes: #585784) + * [8bbdc8b] Added a missing define in debian/wp-config.php (Closes: #590859) + * [34dd063] Updated language files + * [adf55b3] Install *.php configuration files for RTL-languages + + -- Giuseppe Iuculano <iuculano@debian.org> Thu, 02 Sep 2010 10:33:50 +0200 + +wordpress (3.0.1-1) unstable; urgency=low + + * [e6e4f09] Updated watch file + * [12dd7cd] Imported Upstream version 3.0.1 + * [7f03621] Bump to standards-version 3.9.1, no changes needed + + -- Giuseppe Iuculano <iuculano@debian.org> Wed, 04 Aug 2010 16:41:24 +0200 + +wordpress (3.0-1) unstable; urgency=low + + [ Giuseppe Iuculano ] + * [a57d26e] Imported Upstream version 3.0 (Closes: #586764) + * [a74cd68] MU: enable multi-user by default and install the proper + blogs.dir directory + * [ffd926e] fix the blogs.dir link + * [c81081d] Adjust MU setup for Debian installations + * [c14dd9d] Update language files + * [6a7296f] Added Raphaël Hertzog in Uploaders + * [7ea24ff] Updated watch file + + [ Raphaël Hertzog ] + * [2d1df3e] Update patch debian/patches/001readme.patch + * [58a772e] Update patch debian/patches/003installer.patch + * [332abfc] Update patch debian/patches/006rss_language.patch + * [ee99544] Update patch debian/patches/008CVE2008-2392.patch + * [b960914] Refresh patch debian/patches/009CVE2008-6767.patch + * [511eea7] Refresh patch + debian/patches/010disabling_update_note.patch + * [22c5015] Refresh patch debian/patches/manifest.patch + * [7cfe147] Switch to source format 3.0 (quilt). + * [8c86759] Add back the default theme that has been dropped upstream + * [390188e] Adjust links and rules to cope with removal of + scriptaculous/prototype.js + * [1313b13] Add package prefix to many debian/ files for clarity + * [c4e7651] Switch to dh7 tiny rules file and general cleanup of the + build process. 
+ * [625cdbb] Updated Vcs-Git/Vcs-Browser to point to the collab-maint + repository. + + -- Giuseppe Iuculano <iuculano@debian.org> Sun, 27 Jun 2010 15:47:40 +0200 + +wordpress (2.9.2-1) unstable; urgency=low + + * [3f228c1] Imported Upstream version 2.9.2 + * [7965955] Bump to Standards-Version 3.8.4 (no changes) + * [e86fd59] Updated language files + + -- Giuseppe Iuculano <iuculano@debian.org> Tue, 16 Feb 2010 12:41:01 +0100 + +wordpress (2.9.1-2) unstable; urgency=low + + * [4a7279a] Fixed the security id in wp-admin/menu.php (Closes: #561832) - + thanks to Franck Nouyrigat + * [aa0f3a0] Allow site names with dash character. (Closes: #566224) - + thanks to Mikko Visa + * [ee0a44e] Updated language files + + -- Giuseppe Iuculano <iuculano@debian.org> Fri, 22 Jan 2010 19:07:14 +0100 + +wordpress (2.9.1-1) unstable; urgency=low + + * [a83b8fd] Imported Upstream version 2.9.1 + * [216890e] Added ${misc:Depends} in Depends + * [ec95986] Updated language files + + -- Giuseppe Iuculano <iuculano@debian.org> Wed, 06 Jan 2010 13:20:35 +0100 + +wordpress (2.9-1) unstable; urgency=low + + * [fdd001e] Change wordpress-l10n section (localization) + * [625fa21] Imported Upstream version 2.9 + * [dd9b536] Refreshed patches + * [1ce2a9d] Do not remove anymore plugins/wordpress/js direcotry + * [3287ec5] Updated language files (Closes: #556902) + + -- Giuseppe Iuculano <iuculano@debian.org> Wed, 23 Dec 2009 14:31:36 +0100 + +wordpress (2.8.6-1) unstable; urgency=low + + * [cf87b24] Updated debian/watch (Closes: #555729) - thanks to Hideki + Yamane + * [997165e] Imported Upstream version 2.8.6 + * [05395e1] debian/wp-config.php: sanitize $debian_server and do not + check if $debian_file is under /etc/wordpress (Closes: #549436) + * [dc016ce] Updated language files + + -- Giuseppe Iuculano <iuculano@debian.org> Sat, 14 Nov 2009 12:53:07 +0100 + +wordpress (2.8.5-1) unstable; urgency=high + + * [b0ebbe1] Imported Upstream version 2.8.5 (Closes: #551841) + - This version fixes 
CVE-2009-3622, Wordpress Trackback DoS + * [cad0da2] Updated languages files + * [e8438f2] Use /var/log/apache2 directory in the apache example file + (Closes: #551380) + + -- Giuseppe Iuculano <iuculano@debian.org> Wed, 21 Oct 2009 21:43:31 +0200 + +wordpress (2.8.4-3) unstable; urgency=low + + * [dc295db] Provide a more descriptive errror message if the vhost + config file is not found. (LP: #365783) + * [c23192a] Depend on libjs-jquery >= 1.3.3-1 (Closes: #544473) - + thanks to Arnaud Guiton + * [fd27308] Updated debian/copyright + * [94ad7d3] Split up the language files into a separate package + * [08334d7] Updated language files + * [6682ab3] Updated my email address and removed DM-Upload-Allowed + control field + + -- Giuseppe Iuculano <iuculano@debian.org> Sat, 03 Oct 2009 10:28:16 +0200 + +wordpress (2.8.4-2) unstable; urgency=low + + * [e582ddd] Removed reference about drag.gif in manifest.php, thanks + to Michel Meyers (Closes: #517969) + * [a0d70c8] Do not symlink readme.html, instead install it in + /usr/share/wordpress + * [e81e4c3] Depend on tinymce (>= 3.2.6-0.1) and added a proper + symlink to the tabfocus plugin + * [0492b02] Added a note in NEWS and README.debian about the secondary + consequence caused by the previous fix for a possible script + injection via /etc/wordpress/wp-config.php + * [6a3c803] Updated language files + + -- Giuseppe Iuculano <giuseppe@iuculano.it> Wed, 26 Aug 2009 14:53:43 +0200 + +wordpress (2.8.4-1) unstable; urgency=low + + * [5f0812d] Imported Upstream version 2.8.4 + * [e1ea94b] Switch to quilt + * [cf8904e] Removed Andrea De Iacovo from Maintainer field, thanks + Andrea for the prior work on wordpress! 
+ * [6013bd8] Removed 007_REQUEST.patch, upstream already fixed CVE-2008-5113 + in a better way + * [8da39ea] Removed 004languages.patch, it contains outdated languages + files + * [d5696ea] debian/control: Updated Vcs control field + * [89316e0] debian/rules: Comment the DH_VERBOSE export + * [cf78bf5] debian/wp-config.php: check if $debian_file is under + /etc/wordpress and mitigate a possible script injection via + /etc/wordpress/wp-config.php. Thanks to Raphael Geissert (Closes: #500295) + * [ece1c25] debian/get-upstream-i18n: Do not remove outdated language + files by default + * [59547a2] Do not embed tinymce, php-gettext and cropper. (Closes: #504242) + * [848828d] debian/postinst: Create the symlinks manually, dpkg + doesn't replace directories with symlinks. (Closes: #517969) + * [2af4aea] debian/patches/009CVE2008-6767.patch: Grant upgrade + privilege to all admin users. Thanks to Ivan Warren (Closes: #541371) + * [46e8f2b] debian/control: Removed the sentence about the French + language support, now there are a lot of language files + * [fcd94c6] debian/control: Remove outdated packages from Depends, + Suggests, and Conflicts + * [9c28177] Updated to standards version 3.8.3 (No changes needed) + * [700156e] Added a README.source (Debian Policy Manual section 4.14) + * [13a98d5] Updated language files + * [a86b72a] Do not install readme.html in doc, it doesn't contain any + relevant information for Debian users + * [25d4e8e] Updated copyright file + + -- Giuseppe Iuculano <giuseppe@iuculano.it> Tue, 18 Aug 2009 08:28:23 +0200 + +wordpress (2.8.3-2) unstable; urgency=medium + + * [2372863] debian/patches/011enforce_activaction_key.dpatch: Enforce + activation key to be a string (Closes: #541102) + * [cb80386] Fixed CVE-2008-6767 patch and prevent redirect loop. 
+ (Closes: #541199) + + -- Giuseppe Iuculano <giuseppe@iuculano.it> Wed, 12 Aug 2009 18:18:52 +0200 + +wordpress (2.8.3-1) unstable; urgency=medium + + * [f625087] Imported Upstream version 2.8.3 (Closes: #533387, #539411) + This release fixed several security issue: + - Privileges unchecked and multiple information disclosures. + (CVE-2009-2334, CVE-2009-2335, CVE-2009-2336) (Closes: #536724) + - CVE-2009-2431, CVE-2009-2432: Obtain sensitive information + (Closes: #537146) + - CVE-2008-6762: Open redirect vulnerability in wp-admin/upgrade.php + (Closes: #531736) + * [347c164] debian/control: Added Giuseppe Iuculano in Uploaders, + added Vcs and DM-Upload-Allowed control field + * [92fb4ab] Bump to debhelper 7 compatibility levels + * [5b8536e] Refreshing patches + * [d999c0e] Added a watch file + * [4163c0c] debian/rules: Do not remove the autosave tinymce plugin, there + isn't anymore. + * [9c4d0e5] debian/get-upstream-i18n: download .xpi files into + debian/languages + * [76b7c5c] Install language files + * [a0bfad2] Move gettext in Build-Depends-Indep + * [8b607bf] Use set -e instead of passing -e to the shell on the #! + line + * [6cbbf36] debian/patches/009CVE2008-6767.dpatch: Only admin can + upgrade wordpress. (CVE-2008-6767) (Closes: #531736) + * [d6adfbe] Disabled the the "please update" warning, thanks to Hans + Spaans and Rolf Leggewie (Closes: #506685) + * [15c360c] Updated to standards version 3.8.2 (No changes needed) + + -- Giuseppe Iuculano <giuseppe@iuculano.it> Tue, 11 Aug 2009 16:30:35 +0200 + +wordpress (2.7.1-2) unstable; urgency=low + + * setup-mysql corrected to accept domain names with hyphens (Closes: #514447) + * wp-config.php now dies if no config file is found (Closes: #500296) + * now the static browser uploader is supported (Closes: #501507) + Users che chose to use the browser (instead of flash) to upload media files. 
+ + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Sun, 15 Feb 2009 19:13:35 +0100 + +wordpress (2.7.1-1) experimental; urgency=low + + * Merge with upstream Wordpress-2.7 (Closes: #514845) + * Corrected security regression on CVE-2008-2392. + Admins had unfiltered upload capability again. + Now this options is disabled by default and can be + enable through the security options panel. + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Thu, 12 Feb 2009 00:39:29 +0100 + +wordpress (2.7-1) experimental; urgency=low + + * Merge with upstream Wordpress-2.7 (Closes: #507356) + * README file is now more clear about Apache + configuration (Closes: #511312, #507981) + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Mon, 12 Jan 2009 12:30:05 +0100 + +wordpress (2.6.2-2) experimental; urgency=low + + * 007CVE2008-2392.patch modified. + Now users chan dinamically choose to enable unrestricted upload for admins. + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Thu, 06 Nov 2008 10:38:07 +0100 + +wordpress (2.6.2-1) experimental; urgency=low + + * Merge with upstream Wordpress-2.6.2 (Closes: #490977) + * Dependency field was changed to erase useless dependencies (Closes: #496240) + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Thu, 23 Oct 2008 17:20:34 +0200 + +wordpress (2.5.1-8) unstable; urgency=high + + * Added 009CVE2008-4106 patch. (Closes: #500115) + Whitespaces in user name are now checked during login. + It's not possible to register an "admin(n-whitespaces)" user anymore + to gain unauthorized access to the admin panel. + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Thu, 25 Sep 2008 17:02:47 +0200 + +wordpress (2.5.1-7) unstable; urgency=high + + * Modified CVE2008-3747 patch. (Closes: #497524) + The old patch made the package completely unusable. The new + one should solve the issue. 
(Thanks to Del Gurt) + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Thu, 04 Sep 2008 00:42:11 +0200 + +wordpress (2.5.1-6) unstable; urgency=high + + * Added patch to fix remote attack vulnerability (Closes: #497216) + Attackers could gain administrative powers by sniffing cookies. + This patch force wordpress over a ssl connection to prevent + this issue. (CVE-2008-3747) + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Sun, 31 Aug 2008 09:02:22 +0200 + +wordpress (2.5.1-5) unstable; urgency=low + + * Modified rules file to have a lintian clean package. + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Mon, 16 Jun 2008 18:41:21 +0200 + +wordpress (2.5.1-4) unstable; urgency=low + + * Added patch to fix unrestricted file upload vulnerability (Closes: #485807) + Now administrators can upload only files that are in the standard + mime-type set (Fixes CVE-2008-2392) + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Sat, 14 Jun 2008 17:31:04 +0200 + +wordpress (2.5.1-3) unstable; urgency=low + + * rss_language is now modifiable through wp-admin panel. + Thanks to Lionel Elie Mamane (Closes: #461584) + * Makes Wordpress depend on tinymce (>= 3.0.7) + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Mon, 05 May 2008 23:39:35 +0200 + +wordpress (2.5.1-2) unstable; urgency=low + + * Wordpress provides a MODIFIED tinymce (Closes: #478257) + * Setup-mysql script modified to handle SECURITY_KEY. (Closes: #478515) + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Mon, 28 Apr 2008 18:45:10 +0200 + +wordpress (2.5.1-1) unstable; urgency=high + + * Merged with upstream 2.5.1 security release + * CVE-2008-1930 integrity protection vulnerability (Closes: #477910) + * Depends on tinymce + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Sat, 26 Apr 2008 19:08:14 +0200 + +wordpress (2.5.0-2) unstable; urgency=low + + * New maintainer. 
(Closes: #473451: ITA: wordpress -- weblog manager) + * Doesn't have a sane upload directory set (Closes: #430781) + * Don't embedd prototype/scriptaculous (Closes: #475284 + + -- Andrea De Iacovo <andrea.de.iacovo@gmail.com> Fri, 18 Apr 2008 20:50:26 +0100 + +wordpress (2.5.0-1) unstable; urgency=low + + [ Kai Hendry ] + * New Upstream Version + + [ Lionel Elie Mamane ] + * Import translations as of 2008-04-01: + ca.po, fr_FR, id_ID, ja, pt_PT, ru_RU, sr_RS + * Update French theme to 2.5.0 + + -- Lionel Elie Mamane <lmamane@debian.org> Wed, 02 Apr 2008 00:33:30 +0200 + +wordpress (2.3.3+fr-2) unstable; urgency=low + + * Update French translation to 2.3.3 upstream version. + + -- Lionel Elie Mamane <lmamane@debian.org> Mon, 03 Mar 2008 11:09:56 +0100 + +wordpress (2.3.3+fr-1) unstable; urgency=low + + * Add French language support back (accidentally dropped in 2.3.2-1, + closes: #461617) + + -- Lionel Elie Mamane <lmamane@debian.org> Sat, 09 Feb 2008 09:44:24 +0100 + +wordpress (2.3.3-1) unstable; urgency=high + + * New upstream security release: + http://wordpress.org/development/2008/02/wordpress-233/ + - Fix for security flaw in XML-RPC implementation (CVE-2008-0664, + closes: #464170) and http://trac.wordpress.org/ticket/5313 + + -- Kai Hendry <hendry@iki.fi> Tue, 05 Feb 2008 16:22:57 +0000 + +wordpress (2.3.2+fr-1) unstable; urgency=low + + * Add French language support (Closes: #461617) + * Bump up Standards-Version to 3.7.3 + * Move Homepage from description to dpkg field + * Tweak description to make it less advertisy + * Consistently prefer php5 over php4 in dependency alternatives + * Don't override local admin's idea of permissions on + /etc/wordpress/config-* on every upgrade. 
+ + -- Lionel Elie Mamane <lmamane@debian.org> Mon, 21 Jan 2008 23:08:32 +0100 + +wordpress (2.3.2-1) unstable; urgency=high + + * New upstream security release + * http://wordpress.org/development/2007/12/wordpress-232/ + * new version 2.3.2 fixes security bugs (Closes: #459305) + + -- Kai Hendry <hendry@iki.fi> Sun, 06 Jan 2008 18:12:21 +0000 + +wordpress (2.3.1-1) unstable; urgency=high + + * New upstream security release + * http://wordpress.org/development/2007/10/wordpress-231/ + * should depend on php4-gd | php5-gd (Closes: #447492) + php4-gd | php5-gd moves from suggests to depends + * Bugs closed in this release: + http://trac.wordpress.org/query?status=closed&milestone=2.3.1 + + -- Kai Hendry <hendry@iki.fi> Sun, 28 Oct 2007 17:20:12 +0000 + +wordpress (2.3-1) unstable; urgency=low + + * New upstream release + * Maintainer meets upstream: + http://flickr.com/photos/hendry/1468125949/ + * http://wordpress.org/development/2007/09/wordpress-23/ + + -- Kai Hendry <hendry@iki.fi> Mon, 01 Oct 2007 23:51:59 +0100 + +wordpress (2.2.3-1) unstable; urgency=high + + * New upstream security release + * http://wordpress.org/development/2007/09/wordpress-223/ + * wordpress debian config overrides $file, $server in upstream php + files (Closes: #440572) + + -- Kai Hendry <hendry@iki.fi> Mon, 10 Sep 2007 19:36:34 +0100 + +wordpress (2.2.2-1) unstable; urgency=high + + * New upstream security release + * http://wordpress.org/development/2007/08/wordpress-222-and-2011/ + * Bugs closed http://trac.wordpress.org/query?status=closed&milestone=2.2.2 + * Changed files + http://trac.wordpress.org/changeset?new=branches%2F2.2%405849&old=branches%2F2.2%405725 + * Several vulnerabilities detected (XSS, SQL-injection) (Closes: + #435848) + * wp-config.php breaks when accessed with port (Closes: #435289) + + -- Kai Hendry <hendry@iki.fi> Sun, 05 Aug 2007 09:59:15 +0100 + +wordpress (2.2.1-1) unstable; urgency=high + + * New upstream release + * 
http://wordpress.org/development/2007/06/wordpress-221/ + * Needs to use libphp-phpmailer (Closes: #429346) + * [CVE-2007-3215] remote shell command injection in PHPMailer (Closes: + #429194) + * remote SQL injection vulnerability (Closes: #428073) + + -- Kai Hendry <hendry@iki.fi> Sat, 23 Jun 2007 12:47:10 +0100 + +wordpress (2.2-1) unstable; urgency=low + + * New upstream release + * http://wordpress.org/development/2007/05/wordpress-22/ + + -- Kai Hendry <hendry@iki.fi> Wed, 16 May 2007 09:54:36 +0100 + +wordpress (2.1.3-1) unstable; urgency=high + + * New upstream security release + * http://wordpress.org/development/2007/04/wordpress-213-and-2010/ + * attempt to create a link into /srv/www/, directory which may not + exist (Closes: #409258) + + -- Kai Hendry <hendry@iki.fi> Wed, 04 Apr 2007 20:35:40 +0100 + +wordpress (2.1.2-1) unstable; urgency=high + + * New upstream security release + * possible security issue (Closes: #413171) + * http://trac.wordpress.org/ticket/3879 + * http://wordpress.org/development/2007/03/upgrade-212/ + + -- Kai Hendry <hendry@iki.fi> Sun, 4 Mar 2007 20:53:12 +0000 + +wordpress (2.1.1-1) unstable; urgency=high + + * New upstream security release + * Updated copyright with new download link + * http://wordpress.org/development/2007/02/new-releases + * http://trac.wordpress.org/milestone/2.1.1 + * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1049 + + -- Kai Hendry <hendry@iki.fi> Wed, 21 Feb 2007 11:14:33 +0000 + +wordpress (2.1.0-1) unstable; urgency=low + + * New upstream release + * http://wordpress.org/development/2007/01/ella-21/ + * Thanks to #debian-devel's Sesse and seanius to help fix the execute perm + problems on wp-includes/ + * Modified Blogroll to point only to Planet Debian + + -- Kai Hendry <hendry@iki.fi> Tue, 23 Jan 2007 14:47:30 +0000 + +wordpress (2.0.7-1) unstable; urgency=low + + * New upstream release + * New upstream available (security fix) (Closes: #407116) + * Thanks to Fabio Tranchitella and 
Moritz Muehlenhoff for their support + * Improved the copyright at Moritz's request + * Moritz says the security fix does not apply to Debian's PHP hence low + urgency + * See http://wordpress.org/development/2007/01/wordpress-207/ for details of + minor changes + * Tweaked the dependency line for better php5 support + * setup-mysql -h minor usage summary error + should be executable + (Closes: #407496) + + -- Kai Hendry <hendry@iki.fi> Fri, 19 Jan 2007 10:35:57 +0000 + +wordpress (2.0.6-1) unstable; urgency=high + + * New upstream release + * Security fix, urgency high. + * FrSIRT/ADV-2006-5191, CVE-2006-6808: WordPress "get_file_description()" + Function Client-Side Cross Site Scripting Vulnerability. + (Closes: #405299, #405691) + + -- Kai Hendry <hendry@iki.fi> Fri, 5 Jan 2007 14:04:56 +0000 + +wordpress (2.0.5-0.1) unstable; urgency=medium + + * NMU on maintainer's request. + * Security fix, urgency medium. + * readme.html: s/license.txt/copyright/. (Closes: #382283) + * New upstream release, which fixes: + - CVE-2006-4208: Directory traversal vulnerability in WP-DB-Backup + plugin for WordPress. 
(Closes: #384800) + + -- Fabio Tranchitella <kobold@debian.org> Fri, 3 Nov 2006 15:12:06 +0100 + +wordpress (2.0.4-2) unstable; urgency=low + + * examples/setup-mysql doesn't work with dash (Closes: #372128) + * installs apache AND apache2 by default (Closes: #379118) + Many thanks to Fabio Tranchitella and Jesus Climent + * "Publish" produces broken links (Closes: #367001) + Disabled "Rich editor" by default + + -- Kai Hendry <hendry@iki.fi> Sun, 6 Aug 2006 12:39:56 +0100 + +wordpress (2.0.4-1) unstable; urgency=high + + * New upstream release + * examples/setup-mysql doesn't work with dash (Closes: #372128) + + -- Kai Hendry <hendry@iki.fi> Sun, 6 Aug 2006 11:59:39 +0100 + +wordpress (2.0.3-1) unstable; urgency=high + + * New upstream release + * 'Cache' shell injection vulnerability (Closes: #369014) + + -- Kai Hendry <hendry@iki.fi> Fri, 2 Jun 2006 21:00:51 +0900 + +wordpress (2.0.2-2) unstable; urgency=high + + * setup-mysql fails if the domain contains a port number (Closes: + #362171) + * Insecure file permissions in /etc/wordpress (Closes: #363580) + * Added a postinst to help users correct permissions + + -- Kai Hendry <hendry@iki.fi> Thu, 20 Apr 2006 10:12:56 +0900 + +wordpress (2.0.2-1) unstable; urgency=high + + * New upstream release + * 'This would have been out sooner, if I wasn't in hospital' release ;) + * Changed blogroll link to Planet Debian + * Altered 'plugin policy', it's now DIY + * mysql syntax error when running setup-mysql script (Closes: #355958) + * Several vulnerabilities discovered by 'snake oil' Neo Security Team + (Closes: #355055) + http://somethingunpredictable.com/archives/01/03/2006/wordpress-vulnerabilities-bogus/ + * http://wordpress.org/development/2006/03/security-202/ + + -- Kai Hendry <hendry@iki.fi> Mon, 13 Mar 2006 12:44:44 +0900 + +wordpress (2.0.1-1) unstable; urgency=low + + * New upstream release + * CSS Security Vulnerability (Closes: #328909) + * Please announce that upgrade.php needs to be run after update + 
(Closes: #348458) + + -- Kai Hendry <hendry@iki.fi> Thu, 2 Feb 2006 11:22:31 +0900 + +wordpress (2.0-1) unstable; urgency=low + + * New upstream release + * Closes: #320462: Wordpress replaces valid characters in urls with + HTML entities, breaking the URL + * Closes: #326685: Incorrectly mangles URLs using the wptexturize + function + * Closes: #347339: Wordpress version 2 is available + * Closes: #345508: Should have a dependancy on the php5-gd package + + -- Kai Hendry <hendry@iki.fi> Fri, 13 Jan 2006 03:58:59 +0000 + +wordpress (1.5.2-2) unstable; urgency=low + + * Now with support for PHP5 + * Requires mysql-server when the server can actually be on a remote + server (Closes: #328554) + + -- Kai Hendry <hendry@iki.fi> Thu, 22 Sep 2005 13:56:50 +1000 + +wordpress (1.5.2-1) unstable; urgency=high + + * New upstream "security fix" release + * Closes: #323040: CAN-2005-2612 + * See: http://wordpress.org/development/2005/08/one-five-two/ + + -- Kai Hendry <hendry@iki.fi> Fri, 19 Aug 2005 10:58:17 +1000 + +wordpress (1.5.1.3-4) unstable; urgency=medium + + * 'I really should have tested this on another machine' release + * Closes: #319007: dbconfig dep screws upgrade + + -- Kai Hendry <hendry@iki.fi> Tue, 19 Jul 2005 20:03:10 +1000 + +wordpress (1.5.1.3-3) unstable; urgency=low + + * Improved the setup-mysql script for Wordpress MASS hosting with Apache's + VirtualDocumentRoot + + -- Kai Hendry <hendry@iki.fi> Fri, 15 Jul 2005 10:50:59 +1000 + +wordpress (1.5.1.3-2) unstable; urgency=high + + * The no XML-RPC vulnerabilities here release. ;) + * Strongly advised to upgrade due to inconsistencies between 1.5.1.3-1 orig + tar.gz and the upstream 1.5.1.3 latest.tar.gz after checking. + * Closes: #312721: wordpress does not see mysql + * Changed upstream's default links. Controversial? 
+ + -- Kai Hendry <hendry@iki.fi> Fri, 8 Jul 2005 12:11:23 +1000 + +wordpress (1.5.1.3-1) unstable; urgency=high + + * New upstream release + * Yet another security release: + http://wordpress.org/development/2005/06/wordpress-1513 + + -- Kai Hendry <hendry@iki.fi> Thu, 30 Jun 2005 15:25:27 +1000 + +wordpress (1.5.1.2-1) unstable; urgency=high + + * New upstream release + * Another security release: + http://wordpress.org/development/2005/05/security-update/ + + -- Kai Hendry <hendry@iki.fi> Sun, 29 May 2005 00:52:39 +1000 + +wordpress (1.5.1-1) unstable; urgency=high + + * Upstream changelog is here: + http://codex.wordpress.org/Changelog/1.5.1 + * Fixes an unannounced "important security fix" + + -- <hendry@cs.helsinki.fi> Tue, 10 May 2005 01:48:34 +0100 + +wordpress (1.5.0-2) unstable; urgency=low + + * Thanks to NOKUBI Takatsugu and the Debian Japan people for making this + release possible + * Moved mysql setup out of postinst allowing multiple blogs on the host at + the loss of automated mysql setup. + * Closes: #298563: incompatible with mysql-server-4.1 + * Closes: #298571: multiple installation support + * Closes: #300200: multiple installation support + * Closes: #300757: How would one add plugins to wordpress ? 
+ + -- Kai Hendry <hendry@cs.helsinki.fi> Sat, 23 Apr 2005 15:17:45 +0900 + +wordpress (1.5.0-1) unstable; urgency=high + + * Closes: #275814: New version fixes security flaws + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1559 + * Closes: #288613: /usr/share/wordpress/readme.html missing + * Closes: #287086: new upstream 1.2.2 + * Added some NEWS that users will find helpful in the upgrade + + -- Kai Hendry <hendry@cs.helsinki.fi> Fri, 25 Feb 2005 07:11:47 +0200 + +wordpress (1.2.2-1.1) unstable; urgency=medium + + * NMU + * Thank you Dominic Hargreaves and svn-upgrade + + -- Kai Hendry <hendry@cs.helsinki.fi> Sat, 18 Dec 2004 09:32:14 +0200 + +wordpress (1.2.1-1.1) unstable; urgency=medium + + * NMU + * Closes: #275814: New upstream release that fixes security problem + detailed: http://secunia.com/advisories/12773/ + * Closes: #276112: Need more complete README.Debian for new users + Added some detail to README.Debian + * Escaped a mysql line in the postrm that might avoid a bug. + + -- Kai Hendry <hendry@cs.helsinki.fi> Sat, 27 Nov 2004 16:48:32 +0200 + +wordpress (1.2.0-1.1) unstable; urgency=low + + * NMU + * Closes: #250812: New upstream + * Closes: #251653: apache2 support + * Closes: #255121: conffiles not marked + * Revised dependency on mysql-server otherwise debian-sys-maint will never work + * Thanks to Teemu Hukkanen, Corey Wright, Christian Hammers and Matt Mullenweg + + -- Kai Hendry <hendry@cs.helsinki.fi> Thu, 12 Aug 2004 21:50:04 +0300 + +wordpress (1.0.2-1) unstable; urgency=low + + * New upstream release + * New package description (Closes: #237137) + * Made a plain text version of readme.html + + -- Gabriel Rodríguez Alberich <chewie@the-geek.org> Sun, 21 Mar 2004 18:25:20 +0000 + +wordpress (1.0.1-1) unstable; urgency=low + + * Initial release (Closes: #230034) + + -- Gabriel Rodríguez Alberich <chewie@the-geek.org> Thu, 26 Feb 2004 19:37:33 +0000 |
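Review bot: the trailer of the 1.5.1-1 entry, `-- <hendry@cs.helsinki.fi> Tue, 10 May 2005 01:48:34 +0100`, has no maintainer name before the address, while every other trailer in this part of the changelog carries one. Please check that changelog tooling still parses it, or restore the name if the omission is not in the Debian original. Two smaller points in the same region: 2.0.4-1 is marked urgency=high but lists only "New upstream release" and the dash fix for #372128, which 2.0.4-2 closes again, so the reason for the high urgency is not recorded. Bug #275814 is also closed twice, in 1.5.0-1 and in 1.2.1-1.1. The security entries for 1.5.1.3-1, 1.5.1.2-1 and 1.5.1-1 name no CVE or bug number, only upstream URLs, which makes them hard to match against a vulnerability tracker. If identifiers exist, a follow-up note in a newer entry would help without rewriting the historical text.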