Package: wordpress Severity: grave Tags: security patch Justification: user security hole
Hi, a vulnerability in Wordpress' cookie handling has been reported that allows arbitrary PHP command execution, if register_globals is enabled in the PHP config. Please see http://www.securiteam.com/unixfocus/5BP0G00GLK.html It should be fixed in 1.5.1.4, although I couldn't find this release on the Wordpress website. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-rc5 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
