On Fri, Jul 4, 2008 at 9:16 AM, Thijs Kinkhorst <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------ > Debian Security Advisory DSA-1601-1 [EMAIL PROTECTED] > http://www.debian.org/security/ Thijs Kinkhorst > July 04, 2008 http://www.debian.org/security/faq > - ------------------------------------------------------------------------ > > Package : wordpress > Vulnerability : several > Problem type : remote > Debian-specific: no > CVE Id(s) : CVE-2007-1599 CVE-2008-0664 > Debian Bug : 437085 464170 > > Several remote vulnerabilities have been discovered in Wordpress, > the weblog manager. The Common Vulnerabilities and Exposures project > identifies the following problems: > > CVE-2007-1599 > > WordPress allows remote attackers to redirect authenticated users > to other websites and potentially obtain sensitive information. > > CVE-2008-0664 > > The XML-RPC implementation, when registration is enabled, allows > remote attackers to edit posts of other blog users. > > For the stable distribution (etch), these problems have been fixed in > version 2.0.10-1etch3. > > For the unstable distribution (sid), these problems have been fixed in > version 2.3.3-1. > > We recommend that you upgrade your wordpress package. > > Upgrade instructions > - -------------------- > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update > will update the internal database > apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > > Debian GNU/Linux 4.0 alias etch > - ------------------------------- > > Source archives: > > > http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz > Size/MD5 checksum: 520314 e9d5373b3c6413791f864d56b473dd54 > > http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch3.dsc > Size/MD5 checksum: 891 d925a63731976b72ad35e4c1805623bf > > http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch3.diff.gz > Size/MD5 checksum: 46073 486916bd4fc6463181eaba84fdc2db31 > > Architecture independent packages: > > > http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch3_all.deb > Size/MD5 checksum: 527158 280ba949f5c38079d2209a468697fb00 > > > These files will probably be moved into the stable distribution on > its next update. > > - > --------------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable/updates main > For dpkg-ftp: ftp://security.debian.org/debian-security > dists/stable/updates/main > Mailing list: [EMAIL PROTECTED] > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iQEVAwUBSG3OXGz0hbPcukPfAQKS9QgAlFpafzarPjVU4EUuxx2hlN0xcL6pvgMD > 8kj7LlaU+6CU2roiQ9OVbFg7lXT0JK5DfGjlhd+ptFyoodfJacEltPWGrbACEnDS > 50BX48+24cjlQYBuYsmY5SpdAiH9kwe1LYQVjkGnSDRnbR2iZmIR264tQ1f0VhIA > Fq6XXUH2jU5rFTc0w5+4o1gfL+0INhnANR8NdTWHT13LY3lXQpnZ/LxaEllAjRgx > AV2AiO39anV5gwrDBg5ypinxQ3JhhlQmzxIOCBD946E/wySGarA7aF2xAbKtiSAS > WNtzGUtoVlUB8DGrEGNv+JT9jrQAuiK+nQ9xu+uBqz85VYzy10iGPw== > =fsW/ > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
