Of course, because the fix is completely irrelevent to CVS-2007-6318,
which is not fixed even after WordPress 2.3.3. The fix is against
another vuln instead:
http://xforce.iss.net/xforce/xfdb/39409
I don't know how wrong and how far does this advisory go though.
--
SQL injection vulnerability
** Changed in: wordpress (Debian)
Status: New = Fix Released
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
https://bugs.launchpad.net/bugs/181416
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: wordpress (Ubuntu Feisty)
Status: Fix Committed = Fix Released
** Changed in: wordpress (Ubuntu Gutsy)
Status: Fix Committed = Fix Released
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
https://bugs.launchpad.net/bugs/181416
You
As stated, Hardy is not vulnerable.
** Changed in: wordpress (Ubuntu Hardy)
Assignee: (unassigned) = Kees Cook (keescook)
Status: Confirmed = Invalid
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
https://bugs.launchpad.net/bugs/181416
You
The changelog says SQL injection, but it is just an admin test failure
to see unpublished posts. I've adjusted the changelog to follow the SUP
more closely. The changes are building now and should be published
shortly. Thanks for the fixed debdiffs!
** Changed in: wordpress (Ubuntu Feisty)
I am unable to apply these debdiffs:
$ cat /tmp/gutsy_wordpress_2.2.2-1ubuntu1.2.debdiff | patch -p1
patching file debian/changelog
patch: malformed patch at line 15: wordpress (2.2.2-1ubuntu1.1)
gutsy-security; urgency=low
$ cat /tmp/feisty_wordpress_2.1.3-1ubuntu1.1.debdiff | patch -p1
ok, debdiff to gutsy reviewed.
Now ready for upload
+wordpress (2.2.2-1ubuntu1.2) gutsy-security; urgency=low
+
+ * SECURITY UPDATE:
+- SQL injection vulnerability in wp-includes/query.php
+ * References
+- http://trac.wordpress.org/ticket/5487
+- CVE-2007-6318 (LP: #181416)
+ *
ok, debdiff to feisty reviewed too.
Now ready for upload
+wordpress (2.1.3-1ubuntu1.1) feisty-security; urgency=low
+
+ * SECURITY UPDATE:
+- SQL injection vulnerability in wp-includes/query.php
+ * References
+- http://trac.wordpress.org/ticket/5487
+- CVE-2007-6318 (LP: #181416)
** Attachment added: gutsy_wordpress_2.2.2-1ubuntu1.2.debdiff
http://launchpadlibrarian.net/11441048/gutsy_wordpress_2.2.2-1ubuntu1.2.debdiff
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
https://bugs.launchpad.net/bugs/181416
You received this bug
** Attachment added: feisty_wordpress_2.1.3-1ubuntu1.1.debdiff
http://launchpadlibrarian.net/11441050/feisty_wordpress_2.1.3-1ubuntu1.1.debdiff
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
https://bugs.launchpad.net/bugs/181416
You received this bug
cleaned debdiff attached
** Attachment added: gutsy_wordpress_2.2.2-1ubuntu2.1.debdiff
http://launchpadlibrarian.net/11397350/gutsy_wordpress_2.2.2-1ubuntu2.1.debdiff
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
https://bugs.launchpad.net/bugs/181416
cleaned debdiff attached
** Attachment added: feisty_wordpress_2.2.2-1ubuntu2.1.debdiff
http://launchpadlibrarian.net/11397353/feisty_wordpress_2.1.3-1ubuntu2.debdiff
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
https://bugs.launchpad.net/bugs/181416
** Changed in: wordpress (Ubuntu)
Status: Fix Released = Fix Committed
** Changed in: wordpress (Ubuntu Feisty)
Status: Fix Released = Fix Committed
** Changed in: wordpress (Ubuntu Gutsy)
Status: Fix Released = Fix Committed
--
SQL injection vulnerability in
** Changed in: wordpress (Debian)
Status: Unknown = New
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
https://bugs.launchpad.net/bugs/181416
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for
** Changed in: wordpress (Ubuntu)
Status: Fix Committed = Confirmed
** Changed in: wordpress (Ubuntu Feisty)
Status: Fix Committed = Confirmed
** Changed in: wordpress (Ubuntu Gutsy)
Status: Fix Committed = Confirmed
--
SQL injection vulnerability in wp-includes/query.php
Please apply patch on =gutsy
hardy use 2.3.2-1ubuntu1 and this version it'snt vulnerable.
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
https://bugs.launchpad.net/bugs/181416
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Changed in: wordpress (Ubuntu)
Status: New = Fix Released
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
https://bugs.launchpad.net/bugs/181416
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for
** Bug watch added: Debian Bug tracker #456277
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456277
** Also affects: wordpress (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456277
Importance: Unknown
Status: Unknown
--
SQL injection vulnerability in
dapper not affected.
** Changed in: wordpress (Ubuntu Dapper)
Status: New = Invalid
** Changed in: wordpress (Ubuntu Dapper)
Assignee: (unassigned) = Emanuele Gentili (emgent)
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
Edgy not affected.
** Changed in: wordpress (Ubuntu Edgy)
Assignee: (unassigned) = Emanuele Gentili (emgent)
Status: New = Invalid
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
https://bugs.launchpad.net/bugs/181416
You received this bug
** Attachment added: feisty_wordpress_2.1.3-1ubuntu2.debdiff
http://launchpadlibrarian.net/11278689/feisty_wordpress_2.1.3-1ubuntu2.debdiff
** Changed in: wordpress (Ubuntu Feisty)
Status: New = Fix Released
** Changed in: wordpress (Ubuntu Gutsy)
Status: New = Fix Released
[EMAIL PROTECTED] Notified.
Response:
Thijs Kinkhorst [EMAIL PROTECTED]
Thanks for keeping us in the loop, I've noted this patch in our tracker
and it will probably be used for addressing the issue in Debian.
Thijs
--
SQL injection vulnerability in wp-includes/query.php in WordPress
** This bug is no longer flagged as a security issue
** Visibility changed to: Public
--
SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318
https://bugs.launchpad.net/bugs/181416
You received this bug notification because you are a member of Ubuntu
Bugs, which is
23 matches
Mail list logo