Your message dated Sun, 23 Aug 2009 14:03:09 +0000
with message-id <[email protected]>
and subject line Bug#536724: fixed in wordpress 2.0.10-1etch4
has caused the Debian Bug report #536724,
regarding wordpress: CORE-2009-0515 priviledges unchecked and multiple
information disclosures
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
536724: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536724
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: wordpress
version: 2.0.10-1etch3
severity: serious
tags: security
an advisory, CORE-2009-0515, has been issued for wordpress. there are issues
with unchecked privilidges and many potential information disclosures. see [1].
this is fixed in upstream version 2.8.1. please coordinate with the security
team to prepare updates for the stable releases.
[1]
http://corelabs.coresecurity.com/index.php?module=FrontEndMod&action=view&type=advisory&name=WordPress_Privileges_Unchecked
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 2.0.10-1etch4
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:
wordpress_2.0.10-1etch4.diff.gz
to pool/main/w/wordpress/wordpress_2.0.10-1etch4.diff.gz
wordpress_2.0.10-1etch4.dsc
to pool/main/w/wordpress/wordpress_2.0.10-1etch4.dsc
wordpress_2.0.10-1etch4_all.deb
to pool/main/w/wordpress/wordpress_2.0.10-1etch4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <[email protected]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 15 Aug 2009 11:58:32 +0200
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.0.10-1etch4
Distribution: oldstable-security
Urgency: high
Maintainer: Andrea De Iacovo <[email protected]>
Changed-By: Giuseppe Iuculano <[email protected]>
Description:
wordpress - an award winning weblog manager
Closes: 491846 500115 504234 504243 504771 531736 531736 536724
Changes:
wordpress (2.0.10-1etch4) oldstable-security; urgency=high
.
* [2ef79dd] Removed 010CVE2008-0664.patch, it caused a regression and
wordpress 2.0.10 isn't affected by CVE-2008-0664. (Closes: #491846)
* [abbabe9] Fixed CVE-2008-1502 _bad_protocol_once function in KSES
allows remote attackers to conduct XSS attacks (Closes: #504243)
* [e8a73eb] Fixed CVE-2008-4106: Whitespaces in user name are now
checked during login. (Closes: #500115)
* [8a2e4f9] Fixed CVE-2008-4769: Sanitize "cat" query var and cast to
int before looking for a category template
* [711274f] Fixed CVE-2008-4796: missing input sanitising in embedded
copy of Snoopy.class.php (Closes: #504234)
* [17c72c0] Fixed CVE-2008-6762: Force redirect after an upgrade
(Closes: #531736)
* [88d8244] Fixed CVE-2008-6767: Only admin can upgrade wordpress.
(Closes: #531736)
* [d5c02a9] Fixed CVE-2009-2334 and CVE-2009-2854: Added some CYA cap checks
(Closes: #536724)
* [80e9dbd] Fixed CVE-2008-5113: Force REQUEST to be GET + POST. If
SERVER, COOKIE, or ENV are needed, use those superglobals directly.
(Closes: #504771)
* [7f577ca] Fixed CVE-2009-2851: Sanitize HTML URLs in author comments
* [f23d55f] Fixed CVE-2009-2853: Stop direct loading of files in wp-admin
that should only be included
Files:
d9389cbc71eee6f08b15762a97c9d537 607 web optional wordpress_2.0.10-1etch4.dsc
45349b0822fc376b8cfef51b5cec3510 50984 web optional
wordpress_2.0.10-1etch4.diff.gz
71a6aea482d0e7afb9c82701bef336e9 521060 web optional
wordpress_2.0.10-1etch4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqN5KUACgkQ62zWxYk/rQf2XgCdFV8GR2K1YxsS+LI4qrIQVc+z
FXQAoKs1Tt+JiOHxEEM61EeSOwUpUPhw
=kQoV
-----END PGP SIGNATURE-----
--- End Message ---
