[SAC] wordpress - Fwd: 4 Debian package update(s) for projects.osgeo.osuosl.org
Markus Neteler
neteler at osgeo.org
Thu Jul 11 06:58:36 PDT 2013
Hi SAC,
the wordpress user(s) on the projectsVM should please take care of this update.
Markus
---------- Forwarded message ----------
From: root <root at projects.osgeo.osuosl.org>
Date: Thu, Jul 11, 2013 at 3:25 PM
Subject: 4 Debian package update(s) for projects.osgeo.osuosl.org
apticron report [Thu, 11 Jul 2013 06:25:27 -0700]
========================================================================
apticron has detected that some packages need upgrading on:
projects.osgeo.osuosl.org
[ 140.211.15.75 ]
The following packages are currently pending an upgrade:
libpoppler5 0.12.4-1.2+squeeze3
poppler-utils 0.12.4-1.2+squeeze3
wordpress 3.5.2+dfsg-1~deb6u1
wordpress-l10n 3.5.2+dfsg-1~deb6u1
========================================================================
Package Details:
Reading changelogs...
--- News for wordpress (wordpress wordpress-l10n) ---
wordpress (3.5+dfsg-1) unstable; urgency=low
This version drops the "twentyten" theme and introduces the
"twentytwelve" theme. If your website uses the "twentyten" theme
you might want to keep it around:
sudo rm /var/lib/wordpress/wp-content/themes/twentyten && \
sudo cp -a /usr/share/wordpress/wp-content/themes/twentyten \
/var/lib/wordpress/wp-content/themes/
The above command assumes that the package has not yet been upgraded.
Otherwise you'll have to download it from
http://wordpress.org/extend/themes/twentyten and unpack it
in /var/lib/wordpress/wp-content/themes/.
-- Raphaël Hertzog <hertzog at debian.org> Fri, 21 Dec 2012 14:02:06 +0100
wordpress (3.4+dfsg-1) unstable; urgency=low
1/ The default configuration now sets WP_CONTENT_DIR to
/var/lib/wordpress/wp-content to respect the FHS and to cleanly allow the
installation of local plugins and themes. You might have to adjust your
Apache configuration with a directive to override the default wp-content
directory with this one. For a dedicated virtual host, it could be the this:
Alias /wp-content /var/lib/wordpress/wp-content
If you want to disable this default setting and come back to the former
situation, you can add this in your /etc/wordpress/config-*.php
configuration file:
define( 'DONT_SET_WP_CONTENT_DIR', true);
2/ The "default" and "default-fr" theme are gone. If you're using one of
them, make sure to install them manually in
/var/lib/wordpress/wp-content/themes.
-- Raphaël Hertzog <hertzog at debian.org> Fri, 15 Jun 2012 12:00:07 +0200
--- Changes for poppler (libpoppler5 poppler-utils) ---
poppler (0.12.4-1.2+squeeze3) oldstable-security; urgency=high
* Upload to oldstable-security.
-- Michael Gilbert <mgilbert at debian.org> Sun, 07 Jul 2013 18:46:43 +0000
poppler (0.12.4-1.2+squeeze2) stable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix cve-2013-1788: invalid memory access issues.
* Fix cve-2013-1790: uninitialized memory issue.
-- Michael Gilbert <mgilbert at debian.org> Fri, 05 Jul 2013 21:25:34 +0000
--- Changes for wordpress (wordpress wordpress-l10n) ---
wordpress (3.5.2+dfsg-1~deb6u1) squeeze-security; urgency=high
* Non-maintainer upload by the Security Team.
* Import wordpress from Jessie to fix all the security issues present in
Squeeze.
-- Yves-Alexis Perez <corsac at debian.org> Sat, 29 Jun 2013 13:49:37 +0200
wordpress (3.5.2+dfsg-1) unstable; urgency=low
* New upstream release with many security fixes. Closes: #713947
* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can
reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin.
CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.
* Additional security hardening includes:
* Cross-Site Scripting (XSS) (Low Severity) when Editing Media.
CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating
Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
* Update the Vcs-Git and Vcs-Browser URLs.
* Update Standards-Version to 3.9.4.
-- Raphaël Hertzog <hertzog at debian.org> Tue, 25 Jun 2013 15:52:07 +0200
wordpress (3.5.1+dfsg-2) unstable; urgency=low
* Only replace tinymce files by symlinks if the content is exactly the same.
Closes: #700289
* Update debian/get-upstream-i18n to include supplementary PO files
and use a more efficient method to update them. Closes: #697208
-- Raphaël Hertzog <hertzog at debian.org> Mon, 11 Feb 2013 13:56:18 +0100
wordpress (3.5.1+dfsg-1) unstable; urgency=low
* New upstream maintenance and security release. Closes: #698916
-- Raphaël Hertzog <hertzog at debian.org> Mon, 28 Jan 2013 17:15:27 +0100
wordpress (3.5+dfsg-1) unstable; urgency=low
* New upstream release.
* Fix sample apache.conf so that Alias directives are in the proper order
(from the most specific to the less specific). Closes: #693122
Thanks to Jérôme Marant for the report.
* Update debian/missing-sources/ with latest upstream changes.
* Update all translations.
* Try to deduplicate (i.e. replace with symlinks) backbone.js and
underscore.js too.
* Drop debian/patches/006rss_language.patch, the rss_language option
is no longer used.
* Update/refresh all other patches on top of the new release.
* Update lintian overrides and debian/wordpress.linktrees to match the
latest changes concerning javascript libraries shipped by WordPress.
* Document the loss of the twentyten theme.
-- Raphaël Hertzog <hertzog at debian.org> Fri, 21 Dec 2012 14:17:50 +0100
wordpress (3.4.2+dfsg-1) unstable; urgency=low
* New upstream security & bugfix release.
* Also setup languages symlink in setup-mysql. Closes: #684628
Thanks to Jun NOGATA <nogajun at gmail.com> for the analysis.
* Add new patch 011support-symlinks-for-plugins.patch grabbed
in the upstream ticket to allow plugin directories to be
symlinks (which is required for the Debian package since
we put symlinks in /var/lib/wordpress/wp-content/plugins/).
Closes: #686228
-- Raphaël Hertzog <hertzog at debian.org> Wed, 12 Sep 2012 14:52:14 +0200
wordpress (3.4.1+dfsg-1) unstable; urgency=high
* New upstream security & bugfix release. Closes: #680721
Fixes CVE-2012-3383, CVE-2012-3384, CVE-2012-3385.
-- Raphaël Hertzog <hertzog at debian.org> Tue, 03 Jul 2012 08:36:08 +0200
wordpress (3.4+dfsg-3) unstable; urgency=low
* [f7a1c09] Drop useless postrm.
* [d92219b] Add a prerm script calling wp-setup --purge-wp-content on
remove. Closes: #678842
* [2fbf903] Allow wp-setup to symlink files as well as directories.
* [cef928f] Let wp-setup also manage
/var/lib/wordpress/wp-content/languages/.
* [ac86408] Densify output of wp-setup.
-- Raphaël Hertzog <hertzog at debian.org> Tue, 26 Jun 2012 10:47:25 +0200
wordpress (3.4+dfsg-2) unstable; urgency=low
* [2e63535] Merge unused debian/NEWS into debian/wordpress.NEWS so that
users are correctly informed of the latest changes.
* [e3b7b1c] Improve preinst to also move the
/usr/share/wordpress/wp-content/uploads directory to its new location in
/var/lib/wordpress/wp-content/. The package never created this directory
but many users probably created it and we need to do this to let dpkg
install the symlink that we put into place.
* [5c0a29b] Add a trigger that watches /usr/share/wordpress/wp-content.
When activated, it will execute wp-setup --sync-wp-content
which updates /var/lib/wordpress/wp-content/ with symlinks
to plugins/themes that have been added and it drops symlinks
to plugins/themes which have disappeared. (Closes: #677889)
-- Raphaël Hertzog <hertzog at debian.org> Thu, 21 Jun 2012 20:44:53 +0200
wordpress (3.4+dfsg-1) unstable; urgency=low
* New upstream release. Closes: #677534
[ Raphaël Hertzog ]
* [a1c0409] Refresh and update all patches to correctly apply on version
3.4.
* [3804496] Update debian/missing-sources/ to match the current versions of
embedded javascript and flash files.
* [185b051] Drop the old "default" theme (and its French translation)
* [966ce6c] Grab latest translations
* [1983326] Update Standards-Version to 3.9.3 (no change).
* [29c48b6] Increase debhelper compat level to 9.
* [73e16d0] Replace debian/dh_linktree by the packaged version.
* [359b660] Update debian/wordpress.linktrees to match latest developments.
* [645b650] Let setup-mysql lowercase the FQDN since the configuration
scheme expects this. Thanks to Chris Butler <chrisb at debian.org> for the
report (Closes: #658395)
* [5433e90] Fix setup-mysql to avoid creating /srv/www with restricted
permissions (Closes: #616400)
* [dd2ef1d] Move back wp-config.php to /usr/share/wordpress/ since it's only
a dispatcher to the real configuration file (Closes: #592502)
* [b602372] Improve wp-config.php so that WordPress works behind an https
reverse-proxy.
* [ba0b729] Entirely update and rewrite README.debian. (Closes: #575985,
#639980)
* [683a908] Update wp-config.php to not redefine constants which have
already been set. Thanks to Richard van den Berg <richard at vdberg.org> for
the report. (Closes: #613283)
* [315eb68] Let wordpress-l10n depend on the same version than wordpress.
(Closes: #623557)
* [a6d0b9f] Default configuration now sets WP_CONTENT_DIR to
/var/lib/wordpress/wp-content. And the package provides this new directory
appropriately setup with write rights to www-data on blogs.dir and
uploads. themes and plugins are root-owned directories with symlinks
pointing back to the default themes and plugins. (Closes: #675469)
* [4db98c6] Update setup-mysql to use WP_CONTENT_DIR (and no longer use
$upload_dir). (Closes: #658508)
* [a1970da] Extend debian/wordpress.linktrees to cover swfobject.js.
* [8d46dab] Use dpkg-maintscript-helper to drop obsolete
/etc/wordpress/wp-config.php
[ Martin Bagge / brother ]
* [56d0a34] Improve the setup script to be able to use a remote MySQL
server.
-- Raphaël Hertzog <hertzog at debian.org> Sat, 16 Jun 2012 01:19:20 +0200
========================================================================
You can perform the upgrade by issuing the command:
aptitude full-upgrade
as root on projects.osgeo.osuosl.org
--
apticron