Your message dated Tue, 11 Aug 2009 19:48:14 +0000
with message-id <[email protected]>
and subject line Bug#537146: fixed in wordpress 2.8.3-1
has caused the Debian Bug report #537146,
regarding CVE-2009-2431, CVE-2009-2432
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
537146: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537146
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wordpress
Severity: important
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for wordpress.

CVE-2009-2431[0]:
| WordPress 2.7.1 places the username of a post's author in an HTML
| comment, which allows remote attackers to obtain sensitive information
| by reading the HTML source.

CVE-2009-2432[1]:
| WordPress and WordPress MU before 2.8.1 allow remote attackers to
| obtain sensitive information via a direct request to wp-settings.php,
| which reveals the installation path in an error message.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2431
    http://security-tracker.debian.net/tracker/CVE-2009-2431
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2432
    http://security-tracker.debian.net/tracker/CVE-2009-2432

Cheers,
Giuseppe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpd3pMACgkQNxpp46476aqM3ACfcibxTeb3VlsmO3Pw5hgJ3M1z
Q7cAn1FSBrFa0HcY8uSDEsEF1tBjGmzv
=g+1s
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 2.8.3-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:

wordpress_2.8.3-1.diff.gz
  to pool/main/w/wordpress/wordpress_2.8.3-1.diff.gz
wordpress_2.8.3-1.dsc
  to pool/main/w/wordpress/wordpress_2.8.3-1.dsc
wordpress_2.8.3-1_all.deb
  to pool/main/w/wordpress/wordpress_2.8.3-1_all.deb
wordpress_2.8.3.orig.tar.gz
  to pool/main/w/wordpress/wordpress_2.8.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <[email protected]> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 11 Aug 2009 16:30:35 +0200
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.8.3-1
Distribution: unstable
Urgency: medium
Maintainer: Andrea De Iacovo <[email protected]>
Changed-By: Giuseppe Iuculano <[email protected]>
Description: 
 wordpress  - weblog manager
Closes: 506685 531736 531736 533387 536724 537146 539411
Changes: 
 wordpress (2.8.3-1) unstable; urgency=medium
 .
   * [f625087] Imported Upstream version 2.8.3 (Closes: #533387, #539411)
     This release fixed several security issue:
     - Privileges unchecked and multiple information disclosures.
       (CVE-2009-2334, CVE-2009-2335, CVE-2009-2336) (Closes: #536724)
     - CVE-2009-2431, CVE-2009-2432: Obtain sensitive information
       (Closes: #537146)
     - CVE-2008-6762: Open redirect vulnerability in wp-admin/upgrade.php
       (Closes: #531736)
   * [347c164] debian/control: Added Giuseppe Iuculano in Uploaders,
     added Vcs and DM-Upload-Allowed control field
   * [92fb4ab] Bump to debhelper 7 compatibility levels
   * [5b8536e] Refreshing patches
   * [d999c0e] Added a watch file
   * [4163c0c] debian/rules: Do not remove the autosave tinymce plugin, there
     isn't anymore.
   * [9c4d0e5] debian/get-upstream-i18n: download .xpi files into
     debian/languages
   * [76b7c5c] Install language files
   * [a0bfad2] Move gettext in Build-Depends-Indep
   * [8b607bf] Use set -e instead of passing -e to the shell on the #!
     line
   * [6cbbf36] debian/patches/009CVE2008-6767.dpatch: Only admin can
     upgrade wordpress. (CVE-2008-6767) (Closes: #531736)
   * [d6adfbe] Disabled the the "please update" warning, thanks to Hans
     Spaans and Rolf Leggewie (Closes: #506685)
   * [15c360c] Updated to standards version 3.8.2 (No changes needed)
Checksums-Sha1: 
 22d37d15eaf29d4b7418cdb549c5b6338c455184 1544 wordpress_2.8.3-1.dsc
 669cdf11a1728321283c724a0207eb37653caf73 2078634 wordpress_2.8.3.orig.tar.gz
 120080cd8d4927a8dfe970c0a258805a5e3dfcbd 3384120 wordpress_2.8.3-1.diff.gz
 f951932243bd64a76f3f9a5228ba2d805eff1b8f 4215764 wordpress_2.8.3-1_all.deb
Checksums-Sha256: 
 3b4fda3ca671be0de7f60d4ee54afaa52f84f792fef39ac4010663f980e9655c 1544 
wordpress_2.8.3-1.dsc
 8db730cf2e852103967a1fce49294b65168746341474b7f8b49967d2a3461c59 2078634 
wordpress_2.8.3.orig.tar.gz
 b611f2da4f0bc53d7bbb62f33c211bf516f608f632416b0b43a7a9a474465f16 3384120 
wordpress_2.8.3-1.diff.gz
 62baebcf7c354f7a211dcfc90a531f7c517aa1591e64038c244a1ddae8e8cdef 4215764 
wordpress_2.8.3-1_all.deb
Files: 
 a59d59df4d12fb2f89aba4503f275a84 1544 web optional wordpress_2.8.3-1.dsc
 0edfb5145f4b246eed72646355c45ea0 2078634 web optional 
wordpress_2.8.3.orig.tar.gz
 64a0b705cda0b79255a15884a4866731 3384120 web optional wordpress_2.8.3-1.diff.gz
 1f71bb0467d528cffdc8bece1d16e43e 4215764 web optional wordpress_2.8.3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBCAAGBQJKgccGAAoJECIIoQCMVaAcQz4H/AjbaQs4Q6HfdTrDAQdYAT1I
dYvWko05+qt3BFGkFDboVXgs5RRGCnhgGAkWfSu0nWiPCU/yRTegwwZgsbBFZ/vH
Xy98e4vuyo7I5yFeRDedOdINuWRDrjEQgaNYOT5vpjPx+fkeMs1Nb6pCYE758E31
4MYuVmYNFtxq6l3uwuhnaUlAME7LvT0+Nqas+wAPTU0DgmlXmGcmghm4OrRjJ11y
UMHQDyLGjsupo+GMrdTDfvQFpA9lYRGT8S8FFHikgUPDKBvfbErb1tg1IIp8FJmK
WLON7V7VK/LiY3saxj1SfG0t0khpc0PtfSa/LevsFF2i50JEYV4FLWz8Do3hyXQ=
=1Mc9
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to