wordpress (3.0.1-1ubuntu1.2) maverick-security; urgency=low

  * SECURITY UPDATE: SQL Injection vulnerability in the trackback
    functions. (LP: #716641)
    - debian/patches/CVE-2010-4257.patch
    - CVE-2010-4257
    - http://wordpress.org/news/2010/11/wordpress-3-0-2/ 

 -- Mahyuddin Susanto <udienz@ubuntu.com>  Sun, 13 Feb 2011 21:51:55 +0700

wordpress (3.0.1-1ubuntu1.1) maverick-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/011kses.patch: fix several issues in the KSES HTML
      sanitization library
    - LP: #695646
    - CVE-XXXX-XXXX

 -- Jamie Strandboge <jamie@ubuntu.com>  Fri, 31 Dec 2010 10:48:01 -0600

wordpress (3.0.1-1ubuntu1) maverick; urgency=low

  * Merge from debian unstable.  Remaining changes: (LP: #614613)
    -  debian/apache.conf:
      + Changed to use /var/www instead of /srv/www for virtual webroot.
    - debian/setup-mysql:
      + Changed to use /var/www instead of /srv/www.

 -- Artur Rona <ari-tczew@tlen.pl>  Sat, 07 Aug 2010 01:28:32 +0200

wordpress (3.0.1-1) unstable; urgency=low

  * [e6e4f09] Updated watch file
  * [12dd7cd] Imported Upstream version 3.0.1
  * [7f03621] Bump to standards-version 3.9.1, no changes needed

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 04 Aug 2010 16:41:24 +0200

wordpress (3.0-1ubuntu1) maverick; urgency=low

  * Merge from debian unstable.  Remaining changes: LP: #599256
    -  debian/apache.conf:
      + Changed to use /var/www instead of /srv/www for virtual webroot.
    - debian/setup-mysql:
      + Changed to use /var/www instead of /srv/www.

 -- Bhavani Shankar <bhavi@ubuntu.com>  Mon, 28 Jun 2010 12:49:22 +0530

wordpress (3.0-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * [a57d26e] Imported Upstream version 3.0 (Closes: #586764)
  * [a74cd68] MU: enable multi-user by default and install the proper
    blogs.dir directory
  * [ffd926e] fix the blogs.dir link
  * [c81081d] Adjust MU setup for Debian installations
  * [c14dd9d] Update language files
  * [6a7296f] Added Raphaël Hertzog in Uploaders
  * [7ea24ff] Updated watch file

  [ Raphaël Hertzog ]
  * [2d1df3e] Update patch debian/patches/001readme.patch
  * [58a772e] Update patch debian/patches/003installer.patch
  * [332abfc] Update patch debian/patches/006rss_language.patch
  * [ee99544] Update patch debian/patches/008CVE2008-2392.patch
  * [b960914] Refresh patch debian/patches/009CVE2008-6767.patch
  * [511eea7] Refresh patch
    debian/patches/010disabling_update_note.patch
  * [22c5015] Refresh patch debian/patches/manifest.patch
  * [7cfe147] Switch to source format 3.0 (quilt).
  * [8c86759] Add back the default theme that has been dropped upstream
  * [390188e] Adjust links and rules to cope with removal of
    scriptaculous/prototype.js
  * [1313b13] Add package prefix to many debian/ files for clarity
  * [c4e7651] Switch to dh7 tiny rules file and general cleanup of the
    build process.
  * [625cdbb] Updated Vcs-Git/Vcs-Browser to point to the collab-maint
    repository.

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 27 Jun 2010 15:47:40 +0200

wordpress (2.9.2-1ubuntu1) lucid; urgency=low

  * Merge from debian testing. (LP: #564393) Remaining changes:
    - debian/apache.conf:
      + Changed to use /var/www instead of /srv/www for virtual webroot.
    - debian/setup-mysql:
      + Changed to use /var/www instead of /srv/www.

 -- Andreas Wenning <awen@awen.dk>  Fri, 16 Apr 2010 09:38:21 +0200

wordpress (2.9.2-1) unstable; urgency=low

  * [3f228c1] Imported Upstream version 2.9.2
  * [7965955] Bump to Standards-Version 3.8.4 (no changes)
  * [e86fd59] Updated language files

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 16 Feb 2010 12:41:01 +0100

wordpress (2.9.1-2ubuntu1) lucid; urgency=low

  * Merge from debian testing.  Remaining changes:
    - debian/apache.conf:
      + Changed to use /var/www instead of /srv/www for virtual webroot.
    - debian/setup-mysql:
      + Changed to use /var/www instead of /srv/www.

 -- Andreas Wenning <awen@awen.dk>  Wed, 03 Feb 2010 13:40:20 +0100

wordpress (2.9.1-2) unstable; urgency=low

  * [4a7279a] Fixed the security id in wp-admin/menu.php (Closes: #561832) -
    thanks to Franck Nouyrigat
  * [aa0f3a0] Allow site names with dash character. (Closes: #566224) -
    thanks to Mikko Visa
  * [ee0a44e] Updated language files

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 22 Jan 2010 19:07:14 +0100

wordpress (2.9.1-1ubuntu1) lucid; urgency=low

  * Merge from debian testing.  Remaining changes:
    - debian/apache.conf:
      + Changed to use /var/www instead of /srv/www for virtual webroot.
    - debian/setup-mysql:
      + Changed to use /var/www instead of /srv/www.

 -- Andreas Wenning <awen@awen.dk>  Fri, 29 Jan 2010 10:32:10 +0100

wordpress (2.9.1-1) unstable; urgency=low

  * [a83b8fd] Imported Upstream version 2.9.1
  * [216890e] Added ${misc:Depends} in Depends
  * [ec95986] Updated language files

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 06 Jan 2010 13:20:35 +0100

wordpress (2.9-1) unstable; urgency=low

  * [fdd001e] Change wordpress-l10n section (localization)
  * [625fa21] Imported Upstream version 2.9
  * [dd9b536] Refreshed patches
  * [1ce2a9d] Do not remove anymore plugins/wordpress/js direcotry
  * [3287ec5] Updated language files (Closes: #556902)

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 23 Dec 2009 14:31:36 +0100

wordpress (2.8.6-1ubuntu1) lucid; urgency=low

  * Merge from debian testing(LP: #486316). Remaining changes: 
    - debian/apache.conf:
      + Changed to use /var/www instead of /srv/www for virtual webroot.
    - debian/setup-mysql:
      + Changed to use /var/www instead of /srv/www.

 -- Bhavani Shankar <right2bhavi@gmail.com>  Sat, 28 Nov 2009 11:01:28 +0530

wordpress (2.8.6-1) unstable; urgency=low

  * [cf87b24] Updated debian/watch (Closes: #555729) - thanks to Hideki
    Yamane
  * [997165e] Imported Upstream version 2.8.6
  * [05395e1] debian/wp-config.php: sanitize $debian_server and do not
    check if $debian_file is under /etc/wordpress (Closes: #549436)
  * [dc016ce] Updated language files

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 14 Nov 2009 12:53:07 +0100

wordpress (2.8.5-1) unstable; urgency=high

  * [b0ebbe1] Imported Upstream version 2.8.5 (Closes: #551841)
    - This version fixes CVE-2009-3622, Wordpress Trackback DoS
  * [cad0da2] Updated languages files
  * [e8438f2] Use /var/log/apache2 directory in the apache example file
    (Closes: #551380)

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 21 Oct 2009 21:43:31 +0200

wordpress (2.8.4-3) unstable; urgency=low

  * [dc295db] Provide a more descriptive errror message if the vhost
    config file is not found. (LP: #365783)
  * [c23192a] Depend on libjs-jquery >= 1.3.3-1 (Closes: #544473) -
    thanks to Arnaud Guiton
  * [fd27308] Updated debian/copyright
  * [94ad7d3] Split up the language files into a separate package
  * [08334d7] Updated language files
  * [6682ab3] Updated my email address and removed DM-Upload-Allowed
    control field

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 03 Oct 2009 10:28:16 +0200

wordpress (2.8.4-2) unstable; urgency=low

  * [e582ddd] Removed reference about drag.gif in manifest.php, thanks
    to Michel Meyers (Closes: #517969)
  * [a0d70c8] Do not symlink readme.html, instead install it in
    /usr/share/wordpress
  * [e81e4c3] Depend on tinymce (>= 3.2.6-0.1) and added a proper
    symlink to the tabfocus plugin
  * [0492b02] Added a note in NEWS and README.debian about the secondary
    consequence caused by the previous fix for a possible script
    injection via /etc/wordpress/wp-config.php
  * [6a3c803] Updated language files

 -- Giuseppe Iuculano <giuseppe@iuculano.it>  Wed, 26 Aug 2009 14:53:43 +0200

wordpress (2.8.4-1ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes: LP: #417322
    -  debian/apache.conf:
      + Changed to use /var/www instead of /srv/www for virtual webroot.
    - debian/setup-mysql:
      + Changed to use /var/www instead of /srv/www.

 -- Bhavani Shankar <right2bhavi@gmail.com>  Sat, 22 Aug 2009 16:42:57 +0530

wordpress (2.8.4-1) unstable; urgency=low

  * [5f0812d] Imported Upstream version 2.8.4
  * [e1ea94b] Switch to quilt
  * [cf8904e] Removed Andrea De Iacovo from Maintainer field, thanks
    Andrea for the prior work on wordpress!
  * [6013bd8] Removed 007_REQUEST.patch, upstream already fixed CVE-2008-5113
    in a better way
  * [8da39ea] Removed 004languages.patch, it contains outdated languages
    files
  * [d5696ea] debian/control: Updated Vcs control field
  * [89316e0] debian/rules: Comment the DH_VERBOSE export
  * [cf78bf5] debian/wp-config.php: check if $debian_file is under
    /etc/wordpress and mitigate a possible script injection via
    /etc/wordpress/wp-config.php. Thanks to Raphael Geissert (Closes: #500295)
  * [ece1c25] debian/get-upstream-i18n: Do not remove outdated language
    files by default
  * [59547a2] Do not embed tinymce, php-gettext and cropper. (Closes: #504242)
  * [848828d] debian/postinst: Create the symlinks manually, dpkg
    doesn't replace directories with symlinks. (Closes: #517969)
  * [2af4aea] debian/patches/009CVE2008-6767.patch: Grant upgrade
    privilege to all admin users. Thanks to Ivan Warren (Closes: #541371)
  * [46e8f2b] debian/control: Removed the sentence about the French
    language support, now there are a lot of language files
  * [fcd94c6] debian/control: Remove outdated packages from Depends,
    Suggests, and Conflicts
  * [9c28177] Updated to standards version 3.8.3 (No changes needed)
  * [700156e] Added a README.source (Debian Policy Manual section 4.14)
  * [13a98d5] Updated language files
  * [a86b72a] Do not install readme.html in doc, it doesn't contain any
    relevant information for Debian users
  * [25d4e8e] Updated copyright file

 -- Giuseppe Iuculano <giuseppe@iuculano.it>  Tue, 18 Aug 2009 08:28:23 +0200

wordpress (2.8.3-2ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/apache.conf:
      + Changed to use /var/www instead of /srv/www for virtual webroot.
    - debian/setup-mysql:
      + Changed to use /var/www instead of /srv/www.

 -- Michael Bienia <geser@ubuntu.com>  Fri, 14 Aug 2009 13:32:33 +0200

wordpress (2.8.3-2) unstable; urgency=medium

  * [2372863] debian/patches/011enforce_activaction_key.dpatch: Enforce
    activation key to be a string (Closes: #541102)
  * [cb80386] Fixed CVE-2008-6767 patch and prevent redirect loop.
    (Closes: #541199)

 -- Giuseppe Iuculano <giuseppe@iuculano.it>  Wed, 12 Aug 2009 18:18:52 +0200

wordpress (2.8.3-1) unstable; urgency=medium

  * [f625087] Imported Upstream version 2.8.3 (Closes: #533387, #539411)
    This release fixed several security issue:
    - Privileges unchecked and multiple information disclosures.
      (CVE-2009-2334, CVE-2009-2335, CVE-2009-2336) (Closes: #536724)
    - CVE-2009-2431, CVE-2009-2432: Obtain sensitive information
      (Closes: #537146)
    - CVE-2008-6762: Open redirect vulnerability in wp-admin/upgrade.php
      (Closes: #531736)
  * [347c164] debian/control: Added Giuseppe Iuculano in Uploaders,
    added Vcs and DM-Upload-Allowed control field
  * [92fb4ab] Bump to debhelper 7 compatibility levels
  * [5b8536e] Refreshing patches
  * [d999c0e] Added a watch file
  * [4163c0c] debian/rules: Do not remove the autosave tinymce plugin, there
    isn't anymore.
  * [9c4d0e5] debian/get-upstream-i18n: download .xpi files into
    debian/languages
  * [76b7c5c] Install language files
  * [a0bfad2] Move gettext in Build-Depends-Indep
  * [8b607bf] Use set -e instead of passing -e to the shell on the #!
    line
  * [6cbbf36] debian/patches/009CVE2008-6767.dpatch: Only admin can
    upgrade wordpress. (CVE-2008-6767) (Closes: #531736)
  * [d6adfbe] Disabled the the "please update" warning, thanks to Hans
    Spaans and Rolf Leggewie (Closes: #506685)
  * [15c360c] Updated to standards version 3.8.2 (No changes needed)

 -- Giuseppe Iuculano <giuseppe@iuculano.it>  Tue, 11 Aug 2009 16:30:35 +0200

wordpress (2.7.1-2ubuntu1) jaunty; urgency=low

  * Merge from Debian unstable (LP: #327674), Ubuntu remaining changes:
    - debian/apache.conf:
      + Changed to use /var/www instead of /srv/www for virtual webroot.
    - debian/setup-mysql:
      + Changed to use /var/www instead of /srv/www.
    - debian/patches/010_remove_update_notice.patch:
      + Remove Wordpress upgrade notify in admin dashboard

 -- Pedro Fragoso <ember@ubuntu.com>  Tue, 17 Feb 2009 01:15:21 +0000

wordpress (2.7.1-2) unstable; urgency=low

  * setup-mysql corrected to accept domain names with hyphens (Closes: #514447)
  * wp-config.php now dies if no config file is found (Closes: #500296)
  * now the static browser uploader is supported (Closes: #501507)
  	Users che chose to use the browser (instead of flash) to upload media files.

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Sun, 15 Feb 2009 19:13:35 +0100

wordpress (2.7.1-1) experimental; urgency=low

  * Merge with upstream Wordpress-2.7 (Closes: #514845)
  * Corrected security regression on CVE-2008-2392.
  	Admins had unfiltered upload capability again.
  	Now this options is disabled by default and can be
  	enable through the security options panel.

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Thu, 12 Feb 2009 00:39:29 +0100

wordpress (2.7-1) experimental; urgency=low

  * Merge with upstream Wordpress-2.7 (Closes: #507356)
  * README file is now more clear about Apache
    configuration (Closes: #511312, #507981)

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Mon, 12 Jan 2009 12:30:05 +0100

wordpress (2.6.2-2) experimental; urgency=low

  * 007CVE2008-2392.patch modified.
  	Now users chan dinamically choose to enable unrestricted upload for admins.

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Thu, 06 Nov 2008 10:38:07 +0100

wordpress (2.6.2-1) experimental; urgency=low

  * Merge with upstream Wordpress-2.6.2 (Closes: #490977)
  * Dependency field was changed to erase useless dependencies (Closes: #496240)

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Tue, 23 Oct 2008 17:20:34 +0200

wordpress (2.5.1-11ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes: (LP: #304323)
   + debian/apache.conf:
    - Changed to use /var/www instead of /srv/www for virtual webroot.
   + debian/setup-mysql:
    - Changed to use /var/www instead of /srv/www.
   + debian/patches/010_remove_update_notice.patch:
    - Reworked original patch to remove Wordpress upgrade notify
      in admin dashboard (Rolf Leggewie) (LP: #227547)

 -- Stefan Lesicnik <stefan@lsd.co.za>  Tue, 02 Dec 2008 11:06:57 +0200

wordpress (2.5.1-11) unstable; urgency=high

  * Added 011CVE2008-5278.patch. (Closes: #507193)
    Upstream patch for XSS in feed.php self_link function was
    implemented. (CVE-2008-5278)

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Sun, 30 Nov 2008 11:26:39 +0100

wordpress (2.5.1-10ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes: (LP: #301340)
   + debian/apache.conf:
    - Changed to use /var/www instead of /srv/www for virtual webroot.
   + debian/setup-mysql:
    - Changed to use /var/www instead of /srv/www.
  * debian/patches/010_remove_update_notice.patch:
    - Reworked original patch to remove Wordpress upgrade notify
      in admin dashboard (Rolf Leggewie) (LP: #227547)
  * Include patch for CVE2008-3747 (LP: #269301)

 -- Stefan Lesicnik <stefan@lsd.co.za>  Sun, 23 Nov 2008 18:12:33 +0200

wordpress (2.5.1-10) unstable; urgency=high

  * 007CVE2008-2392.patch modified.
  	Now users chan dinamically choose to enable unrestricted upload for admins.
  * 010_REQUEST.patch added.
  	This patch is only a workaround for #504771. Now cookies are properly
  	checked; if something malicious is found wordpress stops any other execution
  	until cookies are not cleaned.

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Thu, 06 Nov 2008 10:12:35 +0100

wordpress (2.5.1-9ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes:
   + debian/apache.conf:
    - Changed to use /var/www instead of /srv/www for virtual webroot.
   + debian/setup-mysql:
    - Changed to use /var/www instead of /srv/www.
    - modified to fix permissions on /var/www
   + debian/patches/010_remove_update_notice.patch:
    - Removed Wordpress upgrade notify in admin dashboard.

 -- Emanuele Gentili <emgent@ubuntu.com>  Fri, 07 Nov 2008 05:44:33 +0100

wordpress (2.5.1-9) unstable; urgency=high

  * Wordpress now depends on libphp-snoopy (Closes: #443948)
  * libphp-snoopy dependance solves grave security issue (Closes: #504234)
    Thanks to the new version of snoopy class the user input is now sanitized
    so it's not possibile to inject malicius code anymore (CVE-2008-4796)
  * setup-mysql modified to fix permissions on /srv/www

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Mon, 03 Nov 2008 08:39:16 +0100

wordpress (2.5.1-8ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
   + debian/apache.conf: 
    - Changed to use /var/www instead of /srv/www for virtual webroot.
   + debian/setup-mysql: 
    - Changed to use /var/www instead of /srv/www.
   + debian/patches/010_remove_update_notice.patch: 
    - Removed Wordpress upgrade notify in admin dashboard.
  * Drop debian/patches/008CVE2008-3747.patch as we don't support SSL
    in our version we don't need it. (See LP: #269301)

 -- Stefan Ebner <sebner@ubuntu.com>  Thu, 02 Oct 2008 22:24:20 +0200

wordpress (2.5.1-8) unstable; urgency=high

  * Added 009CVE2008-4106 patch. (Closes: #500115)
    Whitespaces in user name are now checked during login.
    It's not possible to register an "admin(n-whitespaces)" user anymore
    to gain unauthorized access to the admin panel.

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Thu, 25 Sep 2008 17:02:47 +0200

wordpress (2.5.1-7) unstable; urgency=high

  * Modified CVE2008-3747 patch. (Closes: #497524)
    The old patch made the package completely unusable. The new
    one should solve the issue. (Thanks to Del Gurt)

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Thu, 04 Sep 2008 00:42:11 +0200

wordpress (2.5.1-6) unstable; urgency=high

  * Added patch to fix remote attack vulnerability (Closes: #497216)
  	Attackers could gain administrative powers by sniffing cookies.
  	This patch force wordpress over a ssl connection to prevent
  	this issue. (CVE-2008-3747)

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Sun, 31 Aug 2008 09:02:22 +0200

wordpress (2.5.1-5ubuntu2) intrepid; urgency=low

  * Change tinymce from 3.0.7 to 3.0.8-1

 -- Emanuele Gentili <emgent@ubuntu.com>  Sat, 09 Aug 2008 04:35:43 +0200

wordpress (2.5.1-5ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes: (LP: #237348)
   + debian/apache.conf: 
    - Changed to use /var/www instead of /srv/www for virtual webroot.
   + debian/setup-mysql: 
    - Changed to use /var/www instead of /srv/www.

  * other changes:
   + debian/patches/008_remove_update_notice.patch: (LP: #227547)
    - Removed Wordpress upgrade notify in admin dashboard.

 -- Emanuele Gentili <emgent@ubuntu.com>  Wed, 23 Jul 2008 02:25:27 +0200

wordpress (2.5.1-5) unstable; urgency=low

  * Modified rules file to have a lintian clean package.

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Mon, 16 Jun 2008 18:41:21 +0200

wordpress (2.5.1-4) unstable; urgency=low

  * Added patch to fix unrestricted file upload vulnerability (Closes: #485807)
    Now administrators can upload only files that are in the standard
    mime-type set (Fixes CVE-2008-2392)

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Sat, 14 Jun 2008 17:31:04 +0200

wordpress (2.5.1-3) unstable; urgency=low

  * rss_language is now modifiable through wp-admin panel.
    Thanks to Lionel Elie Mamane (Closes: #461584)
  * Makes Wordpress depend on tinymce (>= 3.0.7)

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Mon, 05 May 2008 23:39:35 +0200

wordpress (2.5.1-2ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, Ubuntu remaining changes: (LP: #226667)
   - debian/apache.conf: Changed to use /var/www instead of /srv/www for
      virtual webroot.
   - debian/setup-mysql: Changed to use /var/www instead of /srv/www.
   - Update maintainer field in debian/control.

 -- Emanuele Gentili <emgent@emanuele-gentili.com>  Mon, 05 May 2008 00:07:26 +0200

wordpress (2.5.1-2) unstable; urgency=low

  * Wordpress provides a MODIFIED tinymce (Closes: #478257) 
  * Setup-mysql script modified to handle SECURITY_KEY. (Closes: #478515)

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Mon, 28 Apr 2008 18:45:10 +0200

wordpress (2.5.1-1) unstable; urgency=high

  * Merged with upstream 2.5.1 security release
  * CVE-2008-1930 integrity protection vulnerability (Closes: #477910)
  * Depends on tinymce

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Sat, 26 Apr 2008 19:08:14 +0200

wordpress (2.5.0-2) unstable; urgency=low

  * New maintainer. (Closes: #473451: ITA: wordpress -- weblog manager)
  * Doesn't have a sane upload directory set (Closes: #430781)
  * Don't embedd prototype/scriptaculous (Closes: #475284

 -- Andrea De Iacovo <andrea.de.iacovo@gmail.com>  Fri, 18 Apr 2008 20:50:26 +0100

wordpress (2.5.0-1) unstable; urgency=low

  [ Kai Hendry ]
  * New Upstream Version

  [ Lionel Elie Mamane ]
  * Import translations as of 2008-04-01:
    ca.po, fr_FR, id_ID, ja, pt_PT, ru_RU, sr_RS
  * Update French theme to 2.5.0

 -- Lionel Elie Mamane <lmamane@debian.org>  Wed, 02 Apr 2008 00:33:30 +0200

wordpress (2.3.3+fr-2) unstable; urgency=low

  * Update French translation to 2.3.3 upstream version.

 -- Lionel Elie Mamane <lmamane@debian.org>  Mon, 03 Mar 2008 11:09:56 +0100

wordpress (2.3.3+fr-1) unstable; urgency=low

  * Add French language support back (accidentally dropped in 2.3.2-1,
    closes: #461617)

 -- Lionel Elie Mamane <lmamane@debian.org>  Sat, 09 Feb 2008 09:44:24 +0100

wordpress (2.3.3-1ubuntu1) hardy; urgency=low

   * Merge from Debian unstable (LP: #189481), Ubuntu remaining changes:
     - debian/apache.conf: Changed to use /var/www instead of /srv/www for
       virtual webroot.
     - debian/README.debian: Updated to include documentation on the change.
     - debian/setup-mysql: Changed to use /var/www instead of /srv/www.
   * Modify Maintainer value to match Debian-Maintainer-Field Spec

 -- Emanuele Gentili <emgent@emanuele-gentili.com>  Wed, 06 Feb 2008 06:14:36 +0100

wordpress (2.3.3-1) unstable; urgency=high

  * New upstream security release:
    http://wordpress.org/development/2008/02/wordpress-233/
    - Fix for security flaw in XML-RPC implementation (CVE-2008-0664,
      closes: #464170) and http://trac.wordpress.org/ticket/5313

 -- Kai Hendry <hendry@iki.fi>  Tue, 05 Feb 2008 16:22:57 +0000

wordpress (2.3.2+fr-1ubuntu1) hardy; urgency=low

   * Merge from Debian unstable (LP: #187465), Ubuntu remaining changes:
     - debian/apache.conf: Changed to use /var/www instead of /srv/www for
       virtual webroot.
     - debian/README.debian: Updated to include documentation on the change.
     - debian/setup-mysql: Changed to use /var/www instead of /srv/www.
   * Modify Maintainer value to match Debian-Maintainer-Field Spec

 -- Pedro Fragoso <emberez@gmail.com>  Tue, 22 Jan 2008 09:45:59 +0000

wordpress (2.3.2+fr-1) unstable; urgency=low

  * Add French language support (Closes: #461617)
  * Bump up Standards-Version to 3.7.3
  * Move Homepage from description to dpkg field
  * Tweak description to make it less advertisy
  * Consistently prefer php5 over php4 in dependency alternatives
  * Don't override local admin's idea of permissions on
    /etc/wordpress/config-* on every upgrade.

 -- Lionel Elie Mamane <lmamane@debian.org>  Mon, 21 Jan 2008 23:08:32 +0100

wordpress (2.3.2-1ubuntu1) hardy; urgency=low

   * Merge from Debian unstable (LP: #180922), Ubuntu remaining changes:
     - debian/apache.conf: Changed to use /var/www instead of /srv/www for
       virtual webroot.
     - debian/README.debian: Updated to include documentation on the change.
     - debian/setup-mysql: Changed to use /var/www instead of /srv/www.
   * Modify Maintainer value to match Debian-Maintainer-Field Spec

 -- Pedro Fragoso <emberez@gmail.com>  Sun, 06 Jan 2008 21:38:43 +0000

wordpress (2.3.2-1) unstable; urgency=high

  * New upstream security release
  * http://wordpress.org/development/2007/12/wordpress-232/
  * new version 2.3.2 fixes security bugs (Closes: #459305)

 -- Kai Hendry <hendry@iki.fi>  Sun, 06 Jan 2008 18:12:21 +0000

wordpress (2.3.1-1ubuntu1) hardy; urgency=low

  * New upstream release. (LP: #138819)
  * Merge from debian unstable, remaining changes:
    - debian/apache.conf: Changed to use /var/www instead of /srv/www for
      virtual webroot.
    - debian/README.debian: Updated to include documentation on the change.
    - debian/setup-mysql: Changed to use /var/www instead of /srv/www.
    - Update maintainer field in debian/control.

 -- William Grant <william.grant@ubuntu.org.au>  Wed, 14 Nov 2007 08:50:22 +1100

wordpress (2.3.1-1) unstable; urgency=high

  * New upstream security release
  * http://wordpress.org/development/2007/10/wordpress-231/
  * should depend on php4-gd | php5-gd (Closes: #447492)
    php4-gd | php5-gd moves from suggests to depends
  * Bugs closed in this release:
    http://trac.wordpress.org/query?status=closed&milestone=2.3.1

 -- Kai Hendry <hendry@iki.fi>  Sun, 28 Oct 2007 17:20:12 +0000

wordpress (2.3-1) unstable; urgency=low

  * New upstream release
  * Maintainer meets upstream:
    http://flickr.com/photos/hendry/1468125949/
  * http://wordpress.org/development/2007/09/wordpress-23/

 -- Kai Hendry <hendry@iki.fi>  Mon, 01 Oct 2007 23:51:59 +0100

wordpress (2.2.3-1) unstable; urgency=high

  * New upstream security release
  * http://wordpress.org/development/2007/09/wordpress-223/
  * wordpress debian config overrides $file, $server in upstream php
    files (Closes: #440572)

 -- Kai Hendry <hendry@iki.fi>  Mon, 10 Sep 2007 19:36:34 +0100

wordpress (2.2.2-1ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable, remaining changes:
    - Changed Blogroll to point to Planet Ubuntu instead of Planet Debian.
    - debian/apache.conf: Changed to use /var/www instead of /srv/www for
      virtual webroot.
    - debian/README.debian: Updated to include documentation on the change.
    - debian/setup-mysql: Changed to use /var/www instead of /srv/www.
    - Update maintainer field in debian/control.

 -- Michele Angrisano <micheleangrisano@ubuntu.com>  Mon, 06 Aug 2007 01:29:18 +0200

wordpress (2.2.2-1) unstable; urgency=high

  * New upstream security release
  * http://wordpress.org/development/2007/08/wordpress-222-and-2011/
  * Bugs closed http://trac.wordpress.org/query?status=closed&milestone=2.2.2
  * Changed files
    http://trac.wordpress.org/changeset?new=branches%2F2.2%405849&old=branches%2F2.2%405725
  * Several vulnerabilities detected (XSS, SQL-injection) (Closes:
    #435848)
  * wp-config.php breaks when accessed with port (Closes: #435289)

 -- Kai Hendry <hendry@iki.fi>  Sun, 05 Aug 2007 09:59:15 +0100

wordpress (2.2.1-1ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable, remaining changes:
    - Changed Blogroll to point to Planet Ubuntu instead of Planet Debian.
    - debian/apache.conf: Changed to use /var/www instead of /srv/www for
      virtual webroot.
    - debian/README.debian: Updated to include documentation on the change.
    - debian/setup-mysql: Changed to use /var/www instead of /srv/www.
    - Update maintainer in field debian/control.

 -- Michele Angrisano <micheleangrisano@ubuntu.com>  Mon,  2 Jul 2007 12:38:17 +0200

wordpress (2.2.1-1) unstable; urgency=high

  * New upstream release
  * http://wordpress.org/development/2007/06/wordpress-221/
  * Needs to use libphp-phpmailer (Closes: #429346)
  * [CVE-2007-3215] remote shell command injection in PHPMailer (Closes:
    #429194)
  * remote SQL injection vulnerability (Closes: #428073)

 -- Kai Hendry <hendry@iki.fi>  Sat, 23 Jun 2007 12:47:10 +0100

wordpress (2.2-1ubuntu1) gutsy; urgency=low

  * Merge from Debian unstable. Remaining Ubuntu changes:
    - Changed Blogroll to point to Planet Ubuntu instead of Planet Debian
    - debian/control: Change Maintainer/XSBC-Original-Maintainer field.
    - debian/apache.conf: Changed to use /var/www instead of /srv/www for
      virtual webroot
    - debian/README.debian: Updated to include documentation on the change
    - debian/setup-mysql: Changed to use /var/www instead of /srv/www

 -- Kjell Braden <fnord@pentabarf.de>  Fri, 25 May 2007 15:47:58 +0200

wordpress (2.2-1) unstable; urgency=low

  * New upstream release
  * http://wordpress.org/development/2007/05/wordpress-22/

 -- Kai Hendry <hendry@iki.fi>  Wed, 16 May 2007 09:54:36 +0100

wordpress (2.1.3-1ubuntu1) feisty; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Changed Blogroll to point to Planet Ubuntu instead of Planet Debian
    - debian/control: Change Maintainer/XSBC-Original-Maintainer field.
    - debian/apache.conf: Changed to use /var/www instead of /srv/www for virtual webroot
    - debian/README.debian: Updated to include documentation on the change
    - debian/setup-mysql: Changed to use /var/www instead of /srv/www
  * UVF exception: LP: #103396

 -- Michael Bienia <geser@ubuntu.com>  Thu,  5 Apr 2007 22:39:12 +0200

wordpress (2.1.3-1) unstable; urgency=high

  * New upstream security release
  * http://wordpress.org/development/2007/04/wordpress-213-and-2010/
  * attempt to create a link into /srv/www/, directory which may not
    exist (Closes: #409258)

 -- Kai Hendry <hendry@iki.fi>  Wed, 04 Apr 2007 20:35:40 +0100

wordpress (2.1.2-1ubuntu2) feisty; urgency=low

  * Closes LP: #53001
    - debian/apache.conf: Changed to use /var/www instead of /srv/www for virtual webroot
    - debian/README.debian: Updated to include documentation on the change
    - debian/setup-mysql: Changed to use /var/www instead of /srv/www

 -- Joseph Jackson IV <jjacksoniv@fluxbuntu.org>  Sun,  25 Mar 2007 03:16:00 +0500

wordpress (2.1.2-1ubuntu1) feisty; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Changed Blogroll to point to Planet Ubuntu instead of Planet Debian
    - debian/control: Change Maintainer/XSBC-Original-Maintainer field.
  * Fixes CVE-2007-1230
  * UVF exception: LP: #90532

 -- Michael Bienia <geser@ubuntu.com>  Thu,  8 Mar 2007 12:26:41 +0100

wordpress (2.1.2-1) unstable; urgency=high

  * New upstream security release
  * possible security issue (Closes: #413171)
  * http://trac.wordpress.org/ticket/3879
  * http://wordpress.org/development/2007/03/upgrade-212/

 -- Kai Hendry <hendry@iki.fi>  Sun,  4 Mar 2007 20:53:12 +0000

wordpress (2.1.1-1ubuntu1) feisty; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Changed Blogroll to point to Planet Ubuntu instead of Planet Debian
  * debian/control: Change Maintainer/XSBC-Original-Maintainer field.
  * UVF exception: LP: #87097

 -- Michael Bienia <geser@ubuntu.com>  Fri, 23 Feb 2007 14:10:37 +0100

wordpress (2.1.1-1) unstable; urgency=high

  * New upstream security release
  * Updated copyright with new download link
  * http://wordpress.org/development/2007/02/new-releases
  * http://trac.wordpress.org/milestone/2.1.1
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1049

 -- Kai Hendry <hendry@iki.fi>  Wed, 21 Feb 2007 11:14:33 +0000

wordpress (2.1.0-1ubuntu1) feisty; urgency=low

  * Changed Blogroll to point to Planet Ubuntu instead of Planet Debian

 -- Martin Meredith <mez@ubuntu.com>  Mon,  5 Feb 2007 15:05:21 +0000

wordpress (2.1.0-1) unstable; urgency=low

  * New upstream release
  * http://wordpress.org/development/2007/01/ella-21/
  * Thanks to #debian-devel's Sesse and seanius to help fix the execute perm
    problems on wp-includes/
  * Modified Blogroll to point only to Planet Debian

 -- Kai Hendry <hendry@iki.fi>  Tue, 23 Jan 2007 14:47:30 +0000

wordpress (2.0.7-1) unstable; urgency=low

  * New upstream release
  * New upstream available (security fix) (Closes: #407116)
  * Thanks to Fabio Tranchitella and Moritz Muehlenhoff for their support
  * Improved the copyright at Moritz's request
  * Moritz says the security fix does not apply to Debian's PHP hence low
    urgency
  * See http://wordpress.org/development/2007/01/wordpress-207/ for details of
    minor changes
  * Tweaked the dependency line for better php5 support
  * setup-mysql -h  minor usage summary error + should be executable
    (Closes: #407496)

 -- Kai Hendry <hendry@iki.fi>  Fri, 19 Jan 2007 10:35:57 +0000

wordpress (2.0.6-1) unstable; urgency=high

  * New upstream release
  * Security fix, urgency high.
  * FrSIRT/ADV-2006-5191, CVE-2006-6808: WordPress "get_file_description()"
    Function Client-Side Cross Site Scripting Vulnerability.
    (Closes: #405299, #405691)

 -- Kai Hendry <hendry@iki.fi>  Fri,  5 Jan 2007 14:04:56 +0000

wordpress (2.0.5-0.1) unstable; urgency=medium

  * NMU on maintainer's request.
  * Security fix, urgency medium.
  * readme.html: s/license.txt/copyright/. (Closes: #382283)
  * New upstream release, which fixes:
    - CVE-2006-4208: Directory traversal vulnerability in WP-DB-Backup
      plugin for WordPress. (Closes: #384800)

 -- Fabio Tranchitella <kobold@debian.org>  Fri,  3 Nov 2006 15:12:06 +0100

wordpress (2.0.4-2) unstable; urgency=low

  * examples/setup-mysql doesn't work with dash (Closes: #372128)
  * installs apache AND apache2 by default (Closes: #379118)
    Many thanks to Fabio Tranchitella and Jesus Climent
  * "Publish" produces broken links (Closes: #367001)
    Disabled "Rich editor" by default

 -- Kai Hendry <hendry@iki.fi>  Sun,  6 Aug 2006 12:39:56 +0100

wordpress (2.0.4-1) unstable; urgency=high

  * New upstream release
  * examples/setup-mysql doesn't work with dash (Closes: #372128)

 -- Kai Hendry <hendry@iki.fi>  Sun,  6 Aug 2006 11:59:39 +0100

wordpress (2.0.3-1) unstable; urgency=high

  * New upstream release
  * 'Cache' shell injection vulnerability (Closes: #369014)

 -- Kai Hendry <hendry@iki.fi>  Fri,  2 Jun 2006 21:00:51 +0900

wordpress (2.0.2-2) unstable; urgency=high

  * setup-mysql fails if the domain contains a port number (Closes:
    #362171)
  * Insecure file permissions in /etc/wordpress (Closes: #363580)
  * Added a postinst to help users correct permissions

 -- Kai Hendry <hendry@iki.fi>  Thu, 20 Apr 2006 10:12:56 +0900

wordpress (2.0.2-1) unstable; urgency=high

  * New upstream release
  * 'This would have been out sooner, if I wasn't in hospital' release ;)
  * Changed blogroll link to Planet Debian
  * Altered 'plugin policy', it's now DIY
  * mysql syntax error when running setup-mysql script (Closes: #355958)
  * Several vulnerabilities discovered by 'snake oil' Neo Security Team
    (Closes: #355055)
    http://somethingunpredictable.com/archives/01/03/2006/wordpress-vulnerabilities-bogus/
  * http://wordpress.org/development/2006/03/security-202/

 -- Kai Hendry <hendry@iki.fi>  Mon, 13 Mar 2006 12:44:44 +0900

wordpress (2.0.1-1) unstable; urgency=low

  * New upstream release
  * CSS Security Vulnerability (Closes: #328909)
  * Please announce that upgrade.php needs to be run after update
    (Closes: #348458)

 -- Kai Hendry <hendry@iki.fi>  Thu,  2 Feb 2006 11:22:31 +0900

wordpress (2.0-1) unstable; urgency=low

  * New upstream release
  * Closes: #320462: Wordpress replaces valid characters in urls with
    HTML entities, breaking the URL
  * Closes: #326685: Incorrectly mangles URLs using the wptexturize
    function
  * Closes: #347339: Wordpress version 2 is available
  * Closes: #345508: Should have a dependancy on the php5-gd package

 -- Kai Hendry <hendry@iki.fi>  Fri, 13 Jan 2006 03:58:59 +0000

wordpress (1.5.2-2) unstable; urgency=low

  * Now with support for PHP5
  * Requires mysql-server when the server can actually be on a remote
    server (Closes: #328554)

 -- Kai Hendry <hendry@iki.fi>  Thu, 22 Sep 2005 13:56:50 +1000

wordpress (1.5.2-1) unstable; urgency=high

  * New upstream "security fix" release
  * Closes: #323040: CAN-2005-2612
  * See: http://wordpress.org/development/2005/08/one-five-two/

 -- Kai Hendry <hendry@iki.fi>  Fri, 19 Aug 2005 10:58:17 +1000

wordpress (1.5.1.3-4) unstable; urgency=medium

  * 'I really should have tested this on another machine' release
  * Closes: #319007: dbconfig dep screws upgrade

 -- Kai Hendry <hendry@iki.fi>  Tue, 19 Jul 2005 20:03:10 +1000

wordpress (1.5.1.3-3) unstable; urgency=low

  * Improved the setup-mysql script for Wordpress MASS hosting with Apache's
    VirtualDocumentRoot 

 -- Kai Hendry <hendry@iki.fi>  Fri, 15 Jul 2005 10:50:59 +1000

wordpress (1.5.1.3-2) unstable; urgency=high

  * The no XML-RPC vulnerabilities here release. ;)
  * Strongly advised to upgrade due to inconsistencies between 1.5.1.3-1 orig
    tar.gz and the upstream 1.5.1.3 latest.tar.gz after checking.
  * Closes: #312721: wordpress does not see mysql
  * Changed upstream's default links. Controversial?

 -- Kai Hendry <hendry@iki.fi>  Fri,  8 Jul 2005 12:11:23 +1000

wordpress (1.5.1.3-1) unstable; urgency=high

  * New upstream release
  * Yet another security release:
    http://wordpress.org/development/2005/06/wordpress-1513

 -- Kai Hendry <hendry@iki.fi>  Thu, 30 Jun 2005 15:25:27 +1000

wordpress (1.5.1.2-1) unstable; urgency=high

  * New upstream release
  * Another security release:
    http://wordpress.org/development/2005/05/security-update/

 -- Kai Hendry <hendry@iki.fi>  Sun, 29 May 2005 00:52:39 +1000

wordpress (1.5.1-1) unstable; urgency=high

  * Upstream changelog is here:
    http://codex.wordpress.org/Changelog/1.5.1
  * Fixes an unannounced "important security fix"

 --  <hendry@cs.helsinki.fi>  Tue, 10 May 2005 01:48:34 +0100

wordpress (1.5.0-2) unstable; urgency=low

  * Thanks to NOKUBI Takatsugu and the Debian Japan people for making this
    release possible
  * Moved mysql setup out of postinst allowing multiple blogs on the host at
    the loss of automated mysql setup.
  * Closes: #298563: incompatible with mysql-server-4.1
  * Closes: #298571: multiple installation support
  * Closes: #300200: multiple installation support
  * Closes: #300757: How would one add plugins to wordpress ?

 -- Kai Hendry <hendry@cs.helsinki.fi>  Sat, 23 Apr 2005 15:17:45 +0900

wordpress (1.5.0-1) unstable; urgency=high

  * Closes: #275814: New version fixes security flaws
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1559
  * Closes: #288613: /usr/share/wordpress/readme.html missing
  * Closes: #287086: new upstream 1.2.2
  * Added some NEWS that users will find helpful in the upgrade

 -- Kai Hendry <hendry@cs.helsinki.fi>  Fri, 25 Feb 2005 07:11:47 +0200

wordpress (1.2.2-1.1) unstable; urgency=medium

  * NMU
  * Thank you Dominic Hargreaves and svn-upgrade

 -- Kai Hendry <hendry@cs.helsinki.fi>  Sat, 18 Dec 2004 09:32:14 +0200

wordpress (1.2.1-1.1) unstable; urgency=medium

  * NMU
  * Closes: #275814: New upstream release that fixes security problem
    detailed: http://secunia.com/advisories/12773/
  * Closes: #276112: Need more complete README.Debian for new users
    Added some detail to README.Debian
  * Escaped a mysql line in the postrm that might avoid a bug.

 -- Kai Hendry <hendry@cs.helsinki.fi>  Sat, 27 Nov 2004 16:48:32 +0200

wordpress (1.2.0-1.1) unstable; urgency=low

  * NMU
  * Closes: #250812: New upstream
  * Closes: #251653: apache2 support
  * Closes: #255121: conffiles not marked
  * Revised dependency on mysql-server otherwise debian-sys-maint will never work
  * Thanks to Teemu Hukkanen, Corey Wright, Christian Hammers and Matt Mullenweg 

 -- Kai Hendry <hendry@cs.helsinki.fi>  Thu, 12 Aug 2004 21:50:04 +0300

wordpress (1.0.2-1) unstable; urgency=low

  * New upstream release
  * New package description (Closes: #237137)
  * Made a plain text version of readme.html

 -- Gabriel Rodríguez Alberich <chewie@the-geek.org>  Sun, 21 Mar 2004 18:25:20 +0000

wordpress (1.0.1-1) unstable; urgency=low

  * Initial release (Closes: #230034)

 -- Gabriel Rodríguez Alberich <chewie@the-geek.org>  Thu, 26 Feb 2004 19:37:33 +0000

