-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________
OpenPKG Security Advisory OpenPKG GmbH http://www.openpkg.org/security/ http://openpkg.com OpenPKG-SA-2006.027 2006-10-30 ________________________________________________________________________ Package: wordpress Vulnerability: multiple vulnerability OpenPKG Specific: no Affected Series: Affected Packages: Corrected Packages: E1.0-SOLID n.a. >= wordpress-2.0.5-E1.0.0 2-STABLE-20061018 <= wordpress-2.0.4-2.20061018 >= wordpress-2.0.5-2.20061030 2-STABLE <= wordpress-2.0.4-2.20061018 >= wordpress-2.0.5-2.20061030 CURRENT <= wordpress-2.0.4-20061013 >= wordpress-2.0.5-20061029 Description: According to a vendor release announcement [0], security issues exist in the personal publishing platform WordPress [1]. The "wp-db-backup" plugin accepts filenames which could be used to access security sensitive files. ________________________________________________________________________ References: [0] http://markjaquith.wordpress.com/2006/10/17/changes-in-wordpress-205/ [1] http://www.wordpress.org/ ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) which you can retrieve from http://www.openpkg.org/openpkg.pgp. Follow the instructions on http://www.openpkg.org/security/signatures/ for details on how to verify the integrity of this advisory. ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG <[EMAIL PROTECTED]> iD8DBQFFRgoggHWT4GPEy58RAhgJAKCzcVAVbwWYRUeti/j308yXG5C07QCfc5Y+ YH/v7OV2So4F6KTzLyHEe6M= =KVci -----END PGP SIGNATURE----- ______________________________________________________________________ The OpenPKG Project www.openpkg.org Project Announcement List openpkg-announce@openpkg.org
