kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/wordpress/distinfo
morr ebbfe6b81c Security update to 4.0.1. 
Changes:
- Three cross-site scripting issues that a contributor or author could use to
  compromise a site.
- A cross-site request forgery that could be used to trick a user into changing
  their password.
- An issue that could lead to a denial of service when passwords are checked.
- Additional protections for server-side request forgery attacks when WordPress
  makes HTTP requests.
- An extremely unlikely hash collision could allow a user’s account to be
  compromised, that also required that they haven’t logged in since 2008 (I
  wish I were kidding).
- WordPress now invalidates the links in a password reset email if the user
  remembers their password, logs in, and changes their email address.

More details on http://codex.wordpress.org/Version_4.0.1.
2014-11-24 19:08:53 +00:00

5 lines
251 B
Text
Raw Blame History

$NetBSD: distinfo,v 1.35 2014/11/24 19:08:53 morr Exp $
SHA1 (wordpress-4.0.1.tar.gz) = ef1bd7ca90b67e6d8f46dc2e2a78c0ec4c2afb40
RMD160 (wordpress-4.0.1.tar.gz) = 09269a66df5a92716c3ba5e7d395d8805a5949ba
Size (wordpress-4.0.1.tar.gz) = 6054753 bytes
Reference in a new issue View git blame Copy permalink