This bug was fixed in the package wordpress - 2.5.1-8ubuntu1
---------------
wordpress (2.5.1-8ubuntu1) intrepid; urgency=low
* Merge from debian unstable, remaining changes:
+ debian/apache.conf:
- Changed to use /var/www instead of /srv/www for virtual webroot.
+ debian/setup-mysql:
- Changed to use /var/www instead of /srv/www.
+ debian/patches/010_remove_update_notice.patch:
- Removed Wordpress upgrade notify in admin dashboard.
* Drop debian/patches/008CVE2008-3747.patch as we don't support SSL
in our version we don't need it. (See LP: #269301)
wordpress (2.5.1-8) unstable; urgency=high
* Added 009CVE2008-4106 patch. (Closes: #500115)
Whitespaces in user name are now checked during login.
It's not possible to register an "admin(n-whitespaces)" user anymore
to gain unauthorized access to the admin panel.
wordpress (2.5.1-7) unstable; urgency=high
* Modified CVE2008-3747 patch. (Closes: #497524)
The old patch made the package completely unusable. The new
one should solve the issue. (Thanks to Del Gurt)
wordpress (2.5.1-6) unstable; urgency=high
* Added patch to fix remote attack vulnerability (Closes: #497216)
Attackers could gain administrative powers by sniffing cookies.
This patch force wordpress over a ssl connection to prevent
this issue. (CVE-2008-3747)
-- Stefan Ebner <[EMAIL PROTECTED]> Thu, 02 Oct 2008 22:24:20 +0200
** Changed in: wordpress (Ubuntu Intrepid)
Status: Won't Fix => Fix Released
--
[CVE-2008-3747] - wordpress before 2.6.1 ssl problem might allow remote
attackers to gain administrative access by sniffing the network for a cookie
https://bugs.launchpad.net/bugs/269301
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
