Your message dated Sun, 16 Aug 2009 17:19:46 +0200
with message-id <[email protected]>
and subject line fixed
has caused the Debian Bug report #510786,
regarding CVE-2008-5695: possible arbitrary code execution
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
510786: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510786
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wordpress
Severity: normal
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wordpress.
CVE-2008-5695[0]:
| wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2
| and earlier, does not properly validate requests to update an option,
| which allows remote authenticated users with manage_options and
| upload_files capabilities to execute arbitrary code by uploading a PHP
| script and adding this script's pathname to active_plugins.
Since only admins have manage_options capabilities and only editors have
upload_files capabilities, I am using severity normal.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5695
http://security-tracker.debian.net/tracker/CVE-2008-5695
--- End Message ---
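An audit check for the condition the CVE text above describes, added here as an illustration; it is not part of the original messages and is not WordPress code. It flags active_plugins entries that do not name a plugin file inside the plugins directory. The function names, the sample entries and the separately collected set of installed plugin files are assumptions.

```python
import posixpath

def check_plugin_entry(entry):
    """Return None if entry looks like a plugin-relative path, else a reason."""
    if not isinstance(entry, str) or not entry:
        return "empty or non-string entry"
    if "\x00" in entry:
        return "NUL byte in path"
    # Treat backslashes as separators so Windows-style paths are caught too.
    path = entry.replace("\\", "/")
    if path.startswith("/") or (len(path) > 1 and path[1] == ":"):
        return "absolute path"
    if ".." in path.split("/"):
        return "parent-directory component"
    if not path.lower().endswith(".php"):
        return "not a .php file"
    return None

def audit_active_plugins(entries, installed):
    """Return (entry, reason) pairs for every suspicious active_plugins value.

    entries:   values stored in the active_plugins option
    installed: plugin files present under the plugins directory, relative
               to it (assumed to be collected separately from the filesystem)
    """
    findings = []
    for entry in entries:
        reason = check_plugin_entry(entry)
        if reason is None:
            normalized = posixpath.normpath(entry.replace("\\", "/"))
            if normalized not in installed:
                reason = "not an installed plugin file"
        if reason is not None:
            findings.append((entry, reason))
    return findings

# Constructed sample data, not taken from a real site.
SAMPLE_ACTIVE = [
    "akismet/akismet.php",
    "./hello.php",
    "../uploads/2008/12/notes.php",
    "/var/www/wp-content/uploads/a.php",
    "gallery/readme.txt",
    "stats/stats.php",
]
SAMPLE_INSTALLED = {"akismet/akismet.php", "hello.php", "gallery/gallery.php"}

if __name__ == "__main__":
    for entry, reason in audit_active_plugins(SAMPLE_ACTIVE, SAMPLE_INSTALLED):
        print(f"{entry!r}: {reason}")
```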
--- Begin Message ---
Version: 2.3.2-1
This bug was fixed in wordpress 2.3.2-1
--- End Message ---