Bug#328909: marked as done (wordpress: CSS Security Vulnerability)

Debian Bug Tracking System Thu, 02 Feb 2006 00:48:15 -0800

Your message dated Thu, 02 Feb 2006 00:32:07 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#328909: fixed in wordpress 2.0.1-1
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Sep 2005 06:34:06 +0000
>From [EMAIL PROTECTED] Sat Sep 17 23:34:06 2005
Return-path: <[EMAIL PROTECTED]>
Received: from securiteam.com (houseofcards.securiteam.com) [192.117.232.213] 
        by spohr.debian.org with smtp (Exim 3.36 1 (Debian))
        id 1EGskX-0000gZ-00; Sat, 17 Sep 2005 23:34:05 -0700
Received: (qmail 7714 invoked from network); 18 Sep 2005 06:25:33 -0000
Received: from bzq-219-229-158.pop.bezeqint.net (HELO 
fezzik.beyondsecurity.com) (62.219.229.158)
  by 0 with SMTP; 18 Sep 2005 06:25:33 -0000
Received: from [192.168.4.52] (unknown [192.168.4.52])
        by fezzik.beyondsecurity.com (Postfix) with ESMTP id CF350208006
        for <[EMAIL PROTECTED]>; Sun, 18 Sep 2005 09:32:37 +0300 (IDT)
From: Noam Rathaus <[EMAIL PROTECTED]>
Organization: Beyond Security Ltd.
To: [EMAIL PROTECTED]
Subject: wordpress: CSS Security Vulnerability
Date: Sun, 18 Sep 2005 09:33:44 +0300
User-Agent: KMail/1.8.1
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: wordpress
Version: 1.5.2-1
Severity: normal


A cross site scripting vulnerability exists in Wordpress, the vulnerability 
manifests itself only when viewed by IE, as Mozilla converts < in the URL to 
&lt;

I attached a patch to resolve this issue.

# diff 
-u  /tmp/template-functions-links.php.orig 
/usr/share/wordpress/wp-includes/template-functions-links.php
--- /tmp/template-functions-links.php.orig      2005-09-18 06:18:54.000000000 
+0000
+++ /usr/share/wordpress/wp-includes/template-functions-links.php       
2005-09-18 06:20:23.000000000 +0000
@@ -353,6 +353,17 @@
        global $wp_rewrite;

        $qstr = $_SERVER['REQUEST_URI'];
+        $replacement = array ('&quot;', // Replace HTML entities
+                         '&amp;',
+                         '&lt;',
+                         '&gt;');
+
+        $pattern = array ('/"/',
+                          '/&/',
+                          '/</',
+                          '/>/');
+
+        $qstr = preg_replace($pattern, $replacement, $qstr);

        $page_querystring = "paged";
        $page_modstring = "page/";
@@ -489,4 +500,4 @@
     }
 }

-?>
\ No newline at end of file
+?>



-- System Information:
Debian Release: 3.1
Architecture: i386 (x86_64)
Kernel: Linux 2.6.11.6-RH1956
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages wordpress depends on:
ii  apache [httpd]            1.3.33-6sarge1 versatile, high-performance HTTP 
s
ii  mysql-server [virtual-mys 4.0.24-10      mysql database server binaries
ii  php4                      4:4.3.10-16    server-side, HTML-embedded 
scripti
ii  php4-mysql                4:4.3.10-16    MySQL module for php4

-- no debconf information

---------------------------------------
Received: (at 328909-close) by bugs.debian.org; 2 Feb 2006 08:40:19 +0000
>From [EMAIL PROTECTED] Thu Feb 02 00:40:18 2006
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
        id 1F4Zst-0004fy-41; Thu, 02 Feb 2006 00:32:07 -0800
From: Kai Hendry <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#328909: fixed in wordpress 2.0.1-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 02 Feb 2006 00:32:07 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: wordpress
Source-Version: 2.0.1-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:

wordpress_2.0.1-1.diff.gz
  to pool/main/w/wordpress/wordpress_2.0.1-1.diff.gz
wordpress_2.0.1-1.dsc
  to pool/main/w/wordpress/wordpress_2.0.1-1.dsc
wordpress_2.0.1-1_all.deb
  to pool/main/w/wordpress/wordpress_2.0.1-1_all.deb
wordpress_2.0.1.orig.tar.gz
  to pool/main/w/wordpress/wordpress_2.0.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kai Hendry <[EMAIL PROTECTED]> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu,  2 Feb 2006 11:22:31 +0900
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.0.1-1
Distribution: unstable
Urgency: low
Maintainer: Kai Hendry <[EMAIL PROTECTED]>
Changed-By: Kai Hendry <[EMAIL PROTECTED]>
Description: 
 wordpress  - an award winning weblog manager
Closes: 328909 348458
Changes: 
 wordpress (2.0.1-1) unstable; urgency=low
 .
   * New upstream release
   * CSS Security Vulnerability (Closes: #328909)
   * Please announce that upgrade.php needs to be run after update
     (Closes: #348458)
Files: 
 74d6a39f48b1c106efeda2b4523f12cf 564 web optional wordpress_2.0.1-1.dsc
 5eb6685eba97c67ccaebc74de30cef4e 504946 web optional 
wordpress_2.0.1.orig.tar.gz
 2829cca9acd7951df4b31d4d774e0eb8 6847 web optional wordpress_2.0.1-1.diff.gz
 f2c38ee5f746a76f81930c6ac96030dc 501174 web optional wordpress_2.0.1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD4cJAK/juK3+WFWQRAjKCAJ9b1usSRsfOV2DZ7UfgeZULIhcNtACfS7Og
Oc7zV4CURwNv62WxHELC9XY=
=B84s
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#328909: marked as done (wordpress: CSS Security Vulnerability)

Reply via email to