Hi, I'd like to add a bit of information here.

Recently, WordPress 2.1.1 has been compromised and an exploit added to the code.
http://wordpress.org/development/2007/03/upgrade-212/

This can happen. However, upstream solves this by advising everyone to "just upgrade to 2.1.2". Otherwise it stays vague about what is affected: they list "past 3-4 days" as the window, they do not tell the (md5 or sha1) checksums of the trusted version, nor do they give the exploit code that was added. They produce no way for me to check whether an existing installation is affected or not. "Just upgrade".

I'm therefore not convinced that they take security seriously in a way other than "upgrade to this new fixed version, which contains some other fixes too", which is exactly not what Debian needs.

Thijs