[redirected from security-review ml, which is going away...] On Sat, Mar 03, 2007 at 01:38:10AM -0600, Rich Johnson wrote: > Just wondering if this involved the version we currently have in the Feisty > repos? > > http://wordpress.org/development/2007/03/upgrade-212/ > > It seems somebody gained access and modified the 2.1.1 download allowing > installed 2.1.1 version to be exploited allowing remote PHP execution. > > According to Wordpress SVN downloads were not effected.
I examined this yesterday; it's clean. The 2.1.1 orig.tar.gz from Debian was taken prior to wordpress.org getting broken into. Based on the report, the described backdoor wasn't present. To avoid (this kind of) confusion, wordpress.org simply declared all of 2.1.1 as "bad", just to make sure no one had a bad version. -- Kees Cook
signature.asc
Description: Digital signature
-- Ubuntu-motu mailing list Ubuntu-motu@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
