Security Information / 2012 / Security Information -- DSA-2470-1 wordpress

Debian Security Advisory

DSA-2470-1 wordpress -- several vulnerabilities

Date Reported:

11 May 2012

Affected Packages:

wordpress

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 670124.
In Mitre's CVE dictionary: CVE-2011-3122, CVE-2011-3125, CVE-2011-3126, CVE-2011-3127, CVE-2011-3128, CVE-2011-3129, CVE-2011-3130, CVE-2011-4956, CVE-2011-4957, CVE-2012-2399, CVE-2012-2400, CVE-2012-2401, CVE-2012-2402, CVE-2012-2403, CVE-2012-2404.

More information:

Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches.

This means extra care should be taken when upgrading, especially when using third-party plugins or themes, since compatibility may have been impacted along the way. We recommend that users check their install before doing the upgrade.

For the stable distribution (squeeze), those problems have been fixed in version 3.3.2+dfsg-1~squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), those problems have been fixed in version 3.3.2+dfsg-1.

We recommend that you upgrade your wordpress packages.