Your message dated Sun, 23 Aug 2009 14:03:07 +0000
with message-id <[email protected]>
and subject line Bug#491846: fixed in wordpress 2.0.10-1etch4
has caused the Debian Bug report #491846,
regarding wordpress: security update to 2.0.10-1etch3: cannot use external
editor
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
491846: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491846
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wordpress
Version: 2.0.10-1etch3
Severity: normal
Since updating, one of my users cannot create new blog entries with his editor
(MarsEdit). (Error: "Can’t do post for TuW ZSI because the server reported an
errorThe XML parser could not parse the data.: XML-RPC Response Parsing
Failed.")
However, new posts are saved as drafts.
Also, he cannot retrieve "recent posts" into his editor.
He also sent me the following error message:
Warning:
include_once(/usr/share/wordpress/wp-admin/includes/admin.php)
[function.include-once]: failed to open stream: No such file
or directory in /usr/share/wordpress/xmlrpc.php on line 42
Warning: include_once() [function.include]:
Failed opening '/usr/share/wordpress/wp-admin/includes/admin.php'
for inclusion (include_path='.:/usr/share/php5') in
/usr/share/wordpress/xmlrpc.php on line 42
Fatal error: Call to undefined function wp_get_post_categories()
in /usr/share/wordpress/xmlrpc.php on line 1795
Indeed, /usr/share/wordpress/wp-admin/includes/admin.php does not exist but
is called in /usr/share/wordpress/xmlrpc.php
In fact, the directory /usr/share/wordpress/wp-admin/includes/ does not exist.
I tried editing line 42 of /usr/share/wordpress/xmlrpc.php but I don't know
what to make of line 1795.
Any ideas?
Erwin
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages wordpress depends on:
ii apache2 2.2.3-4+etch4 Next generation, scalable, extenda
ii apache2-mpm-prefork [http 2.2.3-4+etch4 Traditional model for Apache HTTPD
ii libapache2-mod-php5 5.2.0-8+etch11 server-side, HTML-embedded scripti
ii mysql-client-5.0 [virtual 5.0.32-7etch6 mysql database client binaries
ii php5 5.2.0-8+etch11 server-side, HTML-embedded scripti
ii php5-mysql 5.2.0-8+etch11 MySQL module for php5
wordpress recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 2.0.10-1etch4
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:
wordpress_2.0.10-1etch4.diff.gz
to pool/main/w/wordpress/wordpress_2.0.10-1etch4.diff.gz
wordpress_2.0.10-1etch4.dsc
to pool/main/w/wordpress/wordpress_2.0.10-1etch4.dsc
wordpress_2.0.10-1etch4_all.deb
to pool/main/w/wordpress/wordpress_2.0.10-1etch4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <[email protected]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 15 Aug 2009 11:58:32 +0200
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.0.10-1etch4
Distribution: oldstable-security
Urgency: high
Maintainer: Andrea De Iacovo <[email protected]>
Changed-By: Giuseppe Iuculano <[email protected]>
Description:
wordpress - an award winning weblog manager
Closes: 491846 500115 504234 504243 504771 531736 531736 536724
Changes:
wordpress (2.0.10-1etch4) oldstable-security; urgency=high
.
* [2ef79dd] Removed 010CVE2008-0664.patch, it caused a regression and
wordpress 2.0.10 isn't affected by CVE-2008-0664. (Closes: #491846)
* [abbabe9] Fixed CVE-2008-1502 _bad_protocol_once function in KSES
allows remote attackers to conduct XSS attacks (Closes: #504243)
* [e8a73eb] Fixed CVE-2008-4106: Whitespaces in user name are now
checked during login. (Closes: #500115)
* [8a2e4f9] Fixed CVE-2008-4769: Sanitize "cat" query var and cast to
int before looking for a category template
* [711274f] Fixed CVE-2008-4796: missing input sanitising in embedded
copy of Snoopy.class.php (Closes: #504234)
* [17c72c0] Fixed CVE-2008-6762: Force redirect after an upgrade
(Closes: #531736)
* [88d8244] Fixed CVE-2008-6767: Only admin can upgrade wordpress.
(Closes: #531736)
* [d5c02a9] Fixed CVE-2009-2334 and CVE-2009-2854: Added some CYA cap checks
(Closes: #536724)
* [80e9dbd] Fixed CVE-2008-5113: Force REQUEST to be GET + POST. If
SERVER, COOKIE, or ENV are needed, use those superglobals directly.
(Closes: #504771)
* [7f577ca] Fixed CVE-2009-2851: Sanitize HTML URLs in author comments
* [f23d55f] Fixed CVE-2009-2853: Stop direct loading of files in wp-admin
that should only be included
Files:
d9389cbc71eee6f08b15762a97c9d537 607 web optional wordpress_2.0.10-1etch4.dsc
45349b0822fc376b8cfef51b5cec3510 50984 web optional
wordpress_2.0.10-1etch4.diff.gz
71a6aea482d0e7afb9c82701bef336e9 521060 web optional
wordpress_2.0.10-1etch4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqN5KUACgkQ62zWxYk/rQf2XgCdFV8GR2K1YxsS+LI4qrIQVc+z
FXQAoKs1Tt+JiOHxEEM61EeSOwUpUPhw
=kQoV
-----END PGP SIGNATURE-----
--- End Message ---
