Bug#605603: marked as done (wordpress: Author level SQL injection vulnerability fixed in 3.0.2)

Tue, 07 Dec 2010 00:51:44 -0800 

Your message dated Tue, 07 Dec 2010 08:48:49 +0000
with message-id <e1ppte9-0006tk...@franck.debian.org>
and subject line Bug#605603: fixed in wordpress 3.0.2-1
has caused the Debian Bug report #605603,
regarding wordpress: Author level SQL injection vulnerability fixed in 3.0.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
605603: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: wordpress
Version: 3.0.1-2
Severity: grave
Tags: security
Justification: user security hole

3.0.2 includes an update which appears to fix an SQL injection attack:

<http://codex.wordpress.org/Version_3.0.2>
<http://core.trac.wordpress.org/changeset/16625>

This looks worthy of an update for squeeze. Note that the other updates
in 3.0.2 also include various security hardening issues so it may be
most appropriate to upload 3.0.2 itself for squeeze.

--- End Message ---
--- Begin Message --- 
Source: wordpress
Source-Version: 3.0.2-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:

wordpress-l10n_3.0.2-1_all.deb
  to main/w/wordpress/wordpress-l10n_3.0.2-1_all.deb
wordpress_3.0.2-1.debian.tar.gz
  to main/w/wordpress/wordpress_3.0.2-1.debian.tar.gz
wordpress_3.0.2-1.dsc
  to main/w/wordpress/wordpress_3.0.2-1.dsc
wordpress_3.0.2-1_all.deb
  to main/w/wordpress/wordpress_3.0.2-1_all.deb
wordpress_3.0.2.orig.tar.gz
  to main/w/wordpress/wordpress_3.0.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 605...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 07 Dec 2010 08:43:38 +0100
Source: wordpress
Binary: wordpress wordpress-l10n
Architecture: source all
Version: 3.0.2-1
Distribution: unstable
Urgency: high
Maintainer: Giuseppe Iuculano <iucul...@debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description: 
 wordpress  - weblog manager
 wordpress-l10n - weblog manager - language files
Closes: 602732 605603 605880
Changes: 
 wordpress (3.0.2-1) unstable; urgency=high
 .
   [ Raphaƫl Hertzog ]
   * [9d6922c] Improve wp-config.php to support sites on subdomains and
     htaccess by providing directives ready to uncomment
 .
   [ Giuseppe Iuculano ]
   * [1dc32d3] Imported Upstream version 3.0.2 (Closes: #605880)
     - Author level SQL injection vulnerability fixed (Closes: #605603)
   * [b4f2869] Refreshed debian/patches/001readme.patch
   * [612c23f] Remove flv_player.swf from manifest.php (Closes: #602732)
Checksums-Sha1: 
 85c1e10ca76d5740f2d6639ceddfd7774f61fd92 1259 wordpress_3.0.2-1.dsc
 08a06c5338dfdd3ca76d99fbe32ade67eec8822b 2688999 wordpress_3.0.2.orig.tar.gz
 06906641bb12489c466a542f65c5f43124718f58 7031530 
wordpress_3.0.2-1.debian.tar.gz
 f27c8d118c5999f6ac13a190ae255b3438dcfe55 2513492 wordpress_3.0.2-1_all.deb
 17455991f483e58e4ff045a32865cda3ed7dc1ea 5987796 wordpress-l10n_3.0.2-1_all.deb
Checksums-Sha256: 
 79adacaa35a31b9530db99d9c4056924b77778f43bd91f59ac5d49e366b82933 1259 
wordpress_3.0.2-1.dsc
 cc6f8707a4b19d44845abec890f7767ef6e053cb71e5799ac9b3705425611d4f 2688999 
wordpress_3.0.2.orig.tar.gz
 36e04aa0524c66c586d0f789ac6b7c1b6615823db86491c1ceb7a191025ead81 7031530 
wordpress_3.0.2-1.debian.tar.gz
 6148ed038c45958e9b784a00ee9c40b71a0764d3bdc1cd1ae786c77e4f374d49 2513492 
wordpress_3.0.2-1_all.deb
 7cbcd5ea79773ec0a2a6e31bdc591183657d05a6f587a59cf6fa9e8642d5cc15 5987796 
wordpress-l10n_3.0.2-1_all.deb
Files: 
 3e135f322a367e5eced974a7200d2d24 1259 web optional wordpress_3.0.2-1.dsc
 9f8b305f72dbe96291ca0d13b21cb279 2688999 web optional 
wordpress_3.0.2.orig.tar.gz
 b4789d8f19cde22b6990e46cd10b6537 7031530 web optional 
wordpress_3.0.2-1.debian.tar.gz
 e3db07c2b96091714189b8c07ff2670a 2513492 web optional wordpress_3.0.2-1_all.deb
 fb0d522d9c33b7f0b6934d8e330f4b5b 5987796 localization optional 
wordpress-l10n_3.0.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkz95ukACgkQNxpp46476aokSgCggNJqRT677MfjK5toDW6bAc9l
JD4An04izhn82OF8moP/fG5miGuBWu+X
=AYAQ
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to