Your message dated Wed, 5 Mar 2008 09:43:58 +0000
with message-id <[EMAIL PROTECTED]>
and subject line http://www.debian.org/security/2008/dsa-1502
has caused the Debian Bug report #437840,
regarding Multiple security vulnerabilities in wordpress-2.0.10-1 (XSS and SQL
injection)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
437840: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437840
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: wordpress
Version: 2.0.10-1
Severity: important
Tags: security
WordPress 2.0.10 has several security vulnerabilities which are fixed
in a new release 2.0.11. Full details are at:
http://wordpress.org/development/2007/08/wordpress-222-and-2011/
http://trac.wordpress.org/query?status=closed&milestone=2.0.11
The vulnerabilities are:
- XSS in the admin page for the default theme:
http://www.example.com/wp-admin/themes.php?page=functions.php&foo="><script>alert(String.fromCharCode(88,83,83))</script>
- SQL injection attack (see
http://www.waraxe.us/ftopict-1780.html#7560 and
http://trac.wordpress.org/ticket/4322)
- Two more (an XSS attack and a SQL injection attack) that probably
aren't exploitable in any useful way, at least in most cases.
--- End Message ---
--- Begin Message ---
This long-standing bug was fixed with an upload from Noah Meyerhans. Thank you.
http://www.debian.org/security/2008/dsa-1502
--- End Message ---