On Wed, 12 Aug 2009 06:27:35 +0200 Giuseppe Iuculano wrote:
> Michael S. Gilbert wrote:
>
> > are you sure about this? i had checked lenny, and saw the vulnerable
> > bit of code in wp-login.php.
>
> I tried the PoF and it works only in 2.8.x.
> I didn't investigate the code because it really seems just an annoying bug,
> not a security issue.

the proof-of-concept may be version-specific. it may just require minor modifications to be compatible with old versions. i think conclusions need to be drawn based on known vulnerable source, rather than checking against proof-of-concepts. besides, it is just a one line change to address the flaw.

mike

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team

