Wordpress package security issue
Hello Everybody,
"WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately." => https:/
So, I would like to know if the versions of Wordpress on Ubuntu 14.04 (3.8.2+
If yes, why this security issue is not treated ? (On Ubuntu 14.04, the last security update was in 2014).
user@ubuntu1404:~$ aptitude changelog wordpress
wordpress (3.8.2+
* SECURITY UPDATE: upstream security and bug fixes (LP: #1395336):
- 3.8.3:
- Post collision bug fix (wp-admin/
- 3.8.4:
- CVE-2014-2053 (wp-includes/
- CVE-2014-5265 CVE-2014-5266 (wp-includes/
- CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 (wp-includes/
- Constant time wp_verify_nonce (wp-includes/
- 3.8.5:
- three cross-site scripting issues
- cross-site request forgery to trigger password change
- DoS when passwords are checked
- protections against server-side request forgery attacks
- hash collision on pre-2008 logins
- invalidate links from password reset emails after use
-- Kees Cook <email address hidden> Sat, 22 Nov 2014 07:50:29 -0800
...
Thanks. Have a good day !
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu wordpress Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask ubuntu-tester for more information if necessary.