[Frugalware-git] homepage-ng: FSA638-wordpress

Miklos Vajna Tue, 09 Mar 2010 16:04:24 -0800

Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=4d2f21f8a367dd656f652ee83c1de8423ed058f0


commit 4d2f21f8a367dd656f652ee83c1de8423ed058f0
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Tue Mar 9 17:18:55 2010 +0100

FSA638-wordpress

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index bc82f35..34502dd 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,19 @@

<fsas>
<fsa>
+               <id>638</id>
+               <date>2010-03-10</date>
+               <author>Miklos Vajna</author>
+               <package>wordpress</package>
+               <vulnerable>2.9.1-1</vulnerable>
+               <unaffected>2.9.2-1locris1</unaffected>
+               <bts>http://bugs.frugalware.org/task/4131</bts>
+               
<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0682</cve>
+               <desc>A vulnerability has been discovered in WordPress, which 
can be exploited by malicious users to bypass certain security restrictions.
+                       The vulnerability is caused due to WordPress not 
properly restricting access to trashed posts, which can be exploited to e.g. 
view a trashed post by accessing it's page directly.
+                       Successful exploitation requires a valid user 
account.</desc>
+       </fsa>
+       <fsa>
<id>637</id>
<date>2010-03-09</date>
<author>Miklos Vajna</author>
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

[Frugalware-git] homepage-ng: FSA638-wordpress

Reply via email to