---------- Forwarded message ---------- From: Ryan Boren <[EMAIL PROTECTED]> Date: 03-Mar-2006 12:56 Subject: Re: [EMAIL PROTECTED]: Bug#355055: Several vulnerabilities discovered by Neo Security Team] To: Kai Hendry <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED]
Kai Hendry wrote: > Could I get a comment on this ASAP? The path disclosure issues are non-issues. Those a reported almost weekly by someone looking for something to do. The other things are not exploitable, as far as we can tell. There's nothing critical here. http://somethingunpredictable.com/archives/01/03/2006/wordpress-vulnerabilities-bogus/ Nevertheless, a fix for the comment cookie issues is available on our 2.0 branch. http://svn.automattic.com/wordpress/branches/2.0/ We're still deciding whether to package a 2.0.2 release along with some other non-security fixes we have ready. I'll keep you informed. Ryan
