[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
Of course, because the fix is completely irrelevent to CVS-2007-6318, which is not fixed even after WordPress 2.3.3. The fix is against another vuln instead: http://xforce.iss.net/xforce/xfdb/39409 I don't know how wrong and how far does this advisory go though. -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
** Changed in: wordpress (Debian) Status: New = Fix Released -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
** Changed in: wordpress (Ubuntu Feisty) Status: Fix Committed = Fix Released ** Changed in: wordpress (Ubuntu Gutsy) Status: Fix Committed = Fix Released -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
As stated, Hardy is not vulnerable. ** Changed in: wordpress (Ubuntu Hardy) Assignee: (unassigned) = Kees Cook (keescook) Status: Confirmed = Invalid -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
The changelog says SQL injection, but it is just an admin test failure to see unpublished posts. I've adjusted the changelog to follow the SUP more closely. The changes are building now and should be published shortly. Thanks for the fixed debdiffs! ** Changed in: wordpress (Ubuntu Feisty) Assignee: (unassigned) = Kees Cook (keescook) Status: Confirmed = Fix Committed ** Changed in: wordpress (Ubuntu Gutsy) Assignee: (unassigned) = Kees Cook (keescook) Status: Confirmed = Fix Committed -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
I am unable to apply these debdiffs: $ cat /tmp/gutsy_wordpress_2.2.2-1ubuntu1.2.debdiff | patch -p1 patching file debian/changelog patch: malformed patch at line 15: wordpress (2.2.2-1ubuntu1.1) gutsy-security; urgency=low $ cat /tmp/feisty_wordpress_2.1.3-1ubuntu1.1.debdiff | patch -p1 patching file debian/changelog patch: malformed patch at line 15: wordpress (2.1.3-1ubuntu1) feisty; urgency=low Can you regenerate the debdiffs and also update the changelog to use https://wiki.ubuntu.com/SecurityUpdateProcedures, point '5' of 'Preparing an Update'. Thanks for your hard work on this! -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
ok, debdiff to gutsy reviewed. Now ready for upload +wordpress (2.2.2-1ubuntu1.2) gutsy-security; urgency=low + + * SECURITY UPDATE: +- SQL injection vulnerability in wp-includes/query.php + * References +- http://trac.wordpress.org/ticket/5487 +- CVE-2007-6318 (LP: #181416) + * NON-Security fix +- blogroll fix in wp-admin/upgrade-functions.php + changed Planet Debian to Planet Ubuntu + + -- Emanuele Gentili [EMAIL PROTECTED] Tue, 22 Jan 2008 18:34:21 +0100 added little fix to blogroll default items. ** Attachment added: gusty_wordpress_2.2.2-1ubuntu1.2.dsc http://launchpadlibrarian.net/11480711/gusty_wordpress_2.2.2-1ubuntu1.2.dsc -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
ok, debdiff to feisty reviewed too. Now ready for upload +wordpress (2.1.3-1ubuntu1.1) feisty-security; urgency=low + + * SECURITY UPDATE: +- SQL injection vulnerability in wp-includes/query.php + * References +- http://trac.wordpress.org/ticket/5487 +- CVE-2007-6318 (LP: #181416) + + -- Emanuele Gentili [EMAIL PROTECTED] Tue, 22 Jan 2008 19:48:59 +0100 + ** Attachment added: feisty_wordpress_2.1.3-1ubuntu1.1.dsc http://launchpadlibrarian.net/11481138/feisty_wordpress_2.1.3-1ubuntu1.1.dsc -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
** Attachment added: gutsy_wordpress_2.2.2-1ubuntu1.2.debdiff http://launchpadlibrarian.net/11441048/gutsy_wordpress_2.2.2-1ubuntu1.2.debdiff -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
** Attachment added: feisty_wordpress_2.1.3-1ubuntu1.1.debdiff http://launchpadlibrarian.net/11441050/feisty_wordpress_2.1.3-1ubuntu1.1.debdiff -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
cleaned debdiff attached ** Attachment added: gutsy_wordpress_2.2.2-1ubuntu2.1.debdiff http://launchpadlibrarian.net/11397350/gutsy_wordpress_2.2.2-1ubuntu2.1.debdiff -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
cleaned debdiff attached ** Attachment added: feisty_wordpress_2.2.2-1ubuntu2.1.debdiff http://launchpadlibrarian.net/11397353/feisty_wordpress_2.1.3-1ubuntu2.debdiff -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
** Changed in: wordpress (Ubuntu) Status: Fix Released = Fix Committed ** Changed in: wordpress (Ubuntu Feisty) Status: Fix Released = Fix Committed ** Changed in: wordpress (Ubuntu Gutsy) Status: Fix Released = Fix Committed -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
** Changed in: wordpress (Debian) Status: Unknown = New -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
** Changed in: wordpress (Ubuntu) Status: Fix Committed = Confirmed ** Changed in: wordpress (Ubuntu Feisty) Status: Fix Committed = Confirmed ** Changed in: wordpress (Ubuntu Gutsy) Status: Fix Committed = Confirmed -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
Please apply patch on =gutsy hardy use 2.3.2-1ubuntu1 and this version it'snt vulnerable. -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
** Changed in: wordpress (Ubuntu) Status: New = Fix Released -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
** Bug watch added: Debian Bug tracker #456277 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456277 ** Also affects: wordpress (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456277 Importance: Unknown Status: Unknown -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
dapper not affected. ** Changed in: wordpress (Ubuntu Dapper) Status: New = Invalid ** Changed in: wordpress (Ubuntu Dapper) Assignee: (unassigned) = Emanuele Gentili (emgent) -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
Edgy not affected. ** Changed in: wordpress (Ubuntu Edgy) Assignee: (unassigned) = Emanuele Gentili (emgent) Status: New = Invalid -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
** Attachment added: feisty_wordpress_2.1.3-1ubuntu2.debdiff http://launchpadlibrarian.net/11278689/feisty_wordpress_2.1.3-1ubuntu2.debdiff ** Changed in: wordpress (Ubuntu Feisty) Status: New = Fix Released ** Changed in: wordpress (Ubuntu Gutsy) Status: New = Fix Released -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
[EMAIL PROTECTED] Notified. Response: Thijs Kinkhorst [EMAIL PROTECTED] Thanks for keeping us in the loop, I've noted this patch in our tracker and it will probably be used for addressing the issue in Debian. Thijs -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 181416] Re: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
** This bug is no longer flagged as a security issue ** Visibility changed to: Public -- SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318 https://bugs.launchpad.net/bugs/181416 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs