WordPress package security issue

Asked by ubuntu-tester

Hello Everybody,

"WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately." => https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/

So, I would like to know if the versions of WordPress on Ubuntu 14.04 (3.8.2+dfsg-1ubuntu0.1 0) and Ubuntu 12.04 (3.3.1+dfsg-1 0) have a security issue?
If yes, why is this security issue not treated? (On Ubuntu 14.04, the last security update was in 2014.)

user@ubuntu1404:~$ aptitude changelog wordpress

wordpress (3.8.2+dfsg-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: upstream security and bug fixes (LP: #1395336):
    - 3.8.3:
      - Post collision bug fix (wp-admin/includes/post.php)
    - 3.8.4:
      - CVE-2014-2053 (wp-includes/ID3/getid3.lib.php)
      - CVE-2014-5265 CVE-2014-5266 (wp-includes/class-IXR.php)
      - CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 (wp-includes/pluggable.php)
      - Constant time wp_verify_nonce (wp-includes/compat.php)
    - 3.8.5:
      - three cross-site scripting issues
      - cross-site request forgery to trigger password change
      - DoS when passwords are checked
      - protections against server-side request forgery attacks
      - hash collision on pre-2008 logins
      - invalidate links from password reset emails after use

 -- Kees Cook <email address hidden> Sat, 22 Nov 2014 07:50:29 -0800
...

Thanks. Have a good day!

Question information

Language: English
Status: Answered
For: Ubuntu wordpress
Assignee: No assignee

actionparsnip (andrew-woodhead666) said :
#1

I suggest you report a bug. Add your text as detail. If they are vulnerable it will be updated sooner.

Mark the bug as a security bug.

Manfred Hampl (m-hampl) said :
#2
