Your message dated Mon, 12 Feb 2007 21:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#407289: fixed in wordpress 2.0.8-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: wordpress
Version: 2.0.6-1
Severity: important
Tags: security
Affected system:
WordPress =>2.0.6
Discovered a weakness in WordPress, which can be exploited by
malicious people to disclose SQL information and Wordpress Full Path.
The problem is that SQL error messages are returned to the user. This
can be exploited to disclose the configured table prefix via an invalid
"m" parameter passed in index.php.
Example:
http://[host]/index.php?m[]=
You will see return information like this:
Warning: rawurlencode() expects parameter 1 to be string, array given in
[path]\wp-includes\classes.php on line 227
WordPress 数据库错误: [Unknown column
'Arra' in 'where clause']
SELECT SQL_CALC_FOUND_ROWS wp_posts.* FROM wp_posts WHERE 1=1 AND YEAR
(post_date)=Arra AND (post_type = 'post' AND (post_status = 'publish' OR
post_status = 'private')) ORDER BY post_date DESC LIMIT 0, 10
Solution:
Edit the source use is_array() function to Inspection Var "$m"
Reference:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0262
http://www.securityfocus.com/archive/1/archive/1/456731/100/0/threaded
Note:
Please mention the CVE id in the changelog.
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
regards,
--
.''`.
: :' : Alex de Oliveira Silva | enerv
`. `' www.enerv.net
`-
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 2.0.8-1
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:
wordpress_2.0.8-1.diff.gz
to pool/main/w/wordpress/wordpress_2.0.8-1.diff.gz
wordpress_2.0.8-1.dsc
to pool/main/w/wordpress/wordpress_2.0.8-1.dsc
wordpress_2.0.8-1_all.deb
to pool/main/w/wordpress/wordpress_2.0.8-1_all.deb
wordpress_2.0.8.orig.tar.gz
to pool/main/w/wordpress/wordpress_2.0.8.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Neil McGovern <[EMAIL PROTECTED]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 9 Feb 2007 20:08:26 +0000
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.0.8-1
Distribution: testing-security
Urgency: high
Maintainer: Kai Hendry <[EMAIL PROTECTED]>
Changed-By: Neil McGovern <[EMAIL PROTECTED]>
Description:
wordpress - an award winning weblog manager
Closes: 407289
Changes:
wordpress (2.0.8-1) testing-security; urgency=high
.
[Neil McGovern]
* Non-maintainer upload by security team.
* Fixes for CVE-2007-0539 and CVE-2007-0541
[Kai Hendry]
* New upstream release
* Security fix, urgency high for etch
* 2.0.x currently is the Wordpress *stable* branch
* CVE-2007-0262: wordpress: Full Path disclosure and disclosure of
Table Prefix Weakness (Closes: #407289)
Files:
11d3437bce9ecef138e16efd04de960a 558 web optional wordpress_2.0.8-1.dsc
b2f3503fee081233a81f5f4903ec3928 519755 web optional
wordpress_2.0.8.orig.tar.gz
32705e954c58c50adb18c121d78535bf 8790 web optional wordpress_2.0.8-1.diff.gz
763ec097cef97aec52731369149ba7d3 524840 web optional wordpress_2.0.8-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF0NYs97LBwbNFvdMRAkAnAJ4hMEL2Pq3iH5LUKEVs39MpEKNydgCfYy7A
SIcrs/5GHCnHD5w+w7+KjoQ=
=trVz
-----END PGP SIGNATURE-----
--- End Message ---