Both versions 1.1.x and 2.x are affected to this WMF heap overflow issue. According to Bugzilla entry code execution is possible.
More details via https://rhn.redhat.com/errata/RHSA-2007-0001.html and http://blogs.securiteam.com/?p=785 - Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
