Public bug reported:
Binary package hint: wordpress
There are some security-related items in the Debian changelog of the
wordpress package:
* CVE-2006-4208: Directory traversal vulnerability in WP-DB-Backup plugin for
WordPress
* CVE-2006-6808: WordPress "get_file_description()" Function Client-Side Cross
Site Scripting Vulnerability
* CVE-2007-0539: Denial of service (bandwidth or thread consumption) via
pingback service calls
* CVE-2007-0541: Determine the existence of arbitrary files, and possibly read
portions of certain files
* CVE-2007-1049: XSS vulnerability to inject arbitrary web script or HTML to
wp-admin/templates.php
In addition, the following CVEs may be related to wordpress 2.0.2 (version in
dapper) as well:
* CVE-2006-2667
* CVE-2006-2702
* CVE-2006-3389
* CVE-2006-3390
* CVE-2006-4028
* CVE-2006-4743
* CVE-2006-5705
* CVE-2006-6016
* CVE-2006-6017
* CVE-2006-6863
* CVE-2007-0106
* CVE-2007-0107
* CVE-2007-0109
* CVE-2007-0233
* CVE-2007-0262
* CVE-2007-0540
Debian may not need to fix all of these since they already have 2.0.9 in
testing and 2.1.1 in unstable.
Do we need to fix some of these in dapper-security and edgy-security?
** Affects: wordpress (Ubuntu)
Importance: Undecided
Status: Unconfirmed
** This bug has been flagged as a security issue
--
wordpress needs security updates in dapper and edgy?
https://launchpad.net/bugs/89654