Your message dated Thu, 06 Mar 2008 19:52:16 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#437840: fixed in wordpress 2.0.10-1etch1
has caused the Debian Bug report #437840,
regarding Multiple security vulnerabilities in wordpress-2.0.10-1 (XSS and SQL
injection)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
437840: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437840
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: wordpress
Version: 2.0.10-1
Severity: important
Tags: security
WordPress 2.0.10 has several security vulnerabilities which are fixed
in a new release 2.0.11. Full details are at:
http://wordpress.org/development/2007/08/wordpress-222-and-2011/
http://trac.wordpress.org/query?status=closed&milestone=2.0.11
The vulnerabilities are:
- XSS in the admin page for the default theme:
  http://www.example.com/wp-admin/themes.php?page=functions.php&foo="><script>alert(String.fromCharCode(88,83,83))</script>
- SQL injection attack (see
  http://www.waraxe.us/ftopict-1780.html#7560 and
  http://trac.wordpress.org/ticket/4322)
- Two more (an XSS attack and a SQL injection attack) that probably
  aren't exploitable in any useful way, at least in most cases.
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 2.0.10-1etch1
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:
wordpress_2.0.10-1etch1.diff.gz
  to pool/main/w/wordpress/wordpress_2.0.10-1etch1.diff.gz
wordpress_2.0.10-1etch1.dsc
  to pool/main/w/wordpress/wordpress_2.0.10-1etch1.dsc
wordpress_2.0.10-1etch1_all.deb
  to pool/main/w/wordpress/wordpress_2.0.10-1etch1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kai Hendry <[EMAIL PROTECTED]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 09 Feb 2008 09:59:29 +0000
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.0.10-1etch1
Distribution: stable-security
Urgency: high
Maintainer: Kai Hendry <[EMAIL PROTECTED]>
Changed-By: Kai Hendry <[EMAIL PROTECTED]>
Description:
 wordpress  - an award winning weblog manager
Closes: 437840
Changes:
 wordpress (2.0.10-1etch1) stable-security; urgency=high
 .
   * Backported upstream security bug patches from 4691, 4690(CVE-2007-3238),
     4322(CVE-2007-2821), 4748, 4819
   * Closing multiple security vulnerabilities in wordpress-2.0.10-1 (XSS and
     SQL injection) (Closes: #437840)
   * Removed wp-db-backup.php to fix CVE-2008-0193 & CVE-2008-0194 on advice
     from upstream
Files:
 aacd4d2338fa941f11147d36d85149b9 572 web optional wordpress_2.0.10-1etch1.dsc
 5f3c8c32c87ac34dca41f2d93b87b1da 10454 web optional wordpress_2.0.10-1etch1.diff.gz
 7508cf16054729cfae3444e07b369caf 519232 web optional wordpress_2.0.10-1etch1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHvYZcYrVLjBFATsMRAsfzAJ47aPQ367p0H1oLfhu2ZEFylvkRPgCeObI+
guLGDCtUzemEjQZs1clEWZY=
=ZJCl
-----END PGP SIGNATURE-----
--- End Message ---