Package: wordpress / 3.6.1+dfsg-1~deb7u10
Metadata
Package | Version | Patches format |
---|---|---|
wordpress | 3.6.1+dfsg-1~deb7u10 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
cs27976_priv_esc | wp-admin/includes/class-wp-posts-list-table.php: 2 1 + 1 - 0 ! | --- |
cs28054_auth_cookie | wp-includes/pluggable.php: 2 1 + 1 - 0 ! | --- |
cs27873_hardening_pingback | wp-includes/class-wp-xmlrpc-server.php: 7 7 + 0 - 0 ! | --- |
001readme.patch | readme.html: 2 1 + 1 - 0 ! | fixing readme file |
003installer.patch | wp-admin/install.php: 5 5 + 0 - 0 ! | patching install.php to permit a valid upload path |
010disabling_update_note.patch | wp-admin/includes/update.php: 2 2 + 0 - 0 ! | disabled the "please update" warning, thanks to hans spaans and rolf leggewie (closes: #506685) |
011support symlinks for plugins.patch | wp-admin/includes/plugin.php: 11 8 + 3 - 0 ! | support symlinks for plugin directories |
mu.patch | wp-admin/network.php: 10 5 + 5 - 0 ! | --- |
cs28073_edit_post | wp-admin/includes/post.php: 8 4 + 4 - 0 ! | ensure edit_post() promotes an auto-draft to draft. Fixes Quick Draft |
cs28114_nostomp_postdata | wp-admin/includes/post.php: 5 5 + 0 - 0 ! | avoid stomping of bulk postdata inside the bulk_edit_posts() loop. |
cs29405_ignore_xml | wp-includes/class-IXR.php: 32 29 + 3 - 0 ! | ignore entities in xml-rpc requests |
cs29390_disable_id3_entities | wp-includes/ID3/getid3.lib.php: 11 6 + 5 - 0 ! | disable external entities in id3. |
cs29384_time_nonce | wp-includes/compat.php: 29 29 + 0 - 0 ! | constant time for wp_verify_nonce() |
cs29408_delim_nonce | wp-includes/pluggable.php: 6 3 + 3 - 0 ! | use delimiters when building nonce hashes |
cs29398_escape_get_avatar | wp-includes/pluggable.php: 3 2 + 1 - 0 ! | --- |
374to375 | wp-admin/includes/image.php: 6 6 + 0 - 0 ! | --- |
cs32163_query_sanity_checks | wp-includes/wp-db.php: 792 743 + 49 - 0 ! | --- |
cs32165_sanitize_orderby | wp-includes/formatting.php: 22 12 + 10 - 0 ! | --- |
cs32174_multisite_switch | wp-includes/capabilities.php: 12 8 + 4 - 0 ! | --- |
cs32176_dashboard_esc_titles | wp-admin/includes/class-wp-comments-list-table.php: 4 2 + 2 - 0 ! | --- |
cs32234_wpdb_query_sanity | wp-includes/wp-db.php: 21 20 + 1 - 0 ! | --- |
cs32307_dbstring_length | wp-includes/wp-db.php: 114 114 + 0 - 0 ! | sanity check strings too long. XSS bug if you send >64kB long comments |
cs33529_xss_widget_title | wp-includes/default-widgets.php: 2 1 + 1 - 0 ! | nav menus: consistent titles in widgets. Prevent XSS attack in widget titles. CVE-2015-5732 |
cs33542_post_lock_release | wp-admin/includes/post.php: 2 1 + 1 - 0 ! | heartbeat: ensure post locks are released. Prevent an attacker from locking a post from being edited. CVE-2015-5731 |
cs33555_ids_are_integers | wp-includes/post.php: 7 4 + 3 - 0 ! | ids are integers. Remove source of SQL Injection. CVE-2015-2213 |
cs33359_reliable_shortcode | wp-includes/class-wp-embed.php: 6 5 + 1 - 0 ! | CVE-2015-5622 improve reliability of shortcodes. There are no shortcode input escaping functions available in core even though the Shortcode API is increasingly strict about not allowing special characters inside shortcode attributes. |
cs33549_xss_theme_view | wp-includes/theme.php: 24 3 + 21 - 0 ! | themes: fix some broken links in the legacy theme preview. CVE-2015-5734 |
cs34137_escape_email | wp-admin/includes/class-wp-ms-users-list-table.php: 2 1 + 1 - 0 ! | escape email addresses |
cs34144_shortcode_close_elements | wp-includes/media.php: 2 2 + 0 - 0 ! | don't allow unclosed html elements in attributes. CVE-2015-5714 |
cs34151_unsticky_private_posts | wp-includes/class-wp-xmlrpc-server.php: 4 2 + 2 - 0 ! | xmlrpc: don't allow private posts to be sticky. CVE-2015-5715 |
cs36185_xss_theme | wp-includes/class-wp-theme.php: 6 3 + 3 - 0 ! | stop xss in theme title. Backport of changeset 36185. Fixes CVE-2016-1564 |
cs36435_http_valid_ip | wp-includes/http.php: 2 1 + 1 - 0 ! | http: 0.1.2.3 is not valid ip. Check for IP address starting with 0. |
cs36444_plug_valid_redirect | wp-includes/pluggable.php: 12 10 + 2 - 0 ! | better validation of the url used in http redirects. |