Your message dated Sun, 31 Aug 2008 09:32:09 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#497216: fixed in wordpress 2.5.1-6
has caused the Debian Bug report #497216,
regarding wordpress: CVE-2008-3747 information leak, does not always force ssl
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
497216: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497216
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: wordpress
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wordpress.
CVE-2008-3747[0]:
| The (1) get_edit_post_link and (2) get_edit_comment_link functions in
| wp-includes/link-template.php in WordPress before 2.6.1 do not force
| SSL communication in the intended situations, which might allow remote
| attackers to gain administrative access by sniffing the network for a
| cookie.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
There is a patch on:
http://trac.wordpress.org/attachment/ticket/7359/edit_links_ssl.diff
Please ping me via private mail if you need a sponsor for
the upload.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3747
http://security-tracker.debian.net/tracker/CVE-2008-3747
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 2.5.1-6
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:
wordpress_2.5.1-6.diff.gz
to pool/main/w/wordpress/wordpress_2.5.1-6.diff.gz
wordpress_2.5.1-6.dsc
to pool/main/w/wordpress/wordpress_2.5.1-6.dsc
wordpress_2.5.1-6_all.deb
to pool/main/w/wordpress/wordpress_2.5.1-6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrea De Iacovo <[EMAIL PROTECTED]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 31 Aug 2008 09:02:22 +0200
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.5.1-6
Distribution: unstable
Urgency: high
Maintainer: Andrea De Iacovo <[EMAIL PROTECTED]>
Changed-By: Andrea De Iacovo <[EMAIL PROTECTED]>
Description:
wordpress - weblog manager
Closes: 497216
Changes:
wordpress (2.5.1-6) unstable; urgency=high
.
* Added patch to fix remote attack vulnerability (Closes: #497216)
Attackers could gain administrative powers by sniffing cookies.
This patch forces wordpress over an ssl connection to prevent
this issue. (CVE-2008-3747)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---