Bug#536724: marked as done (wordpress: CORE-2009-0515 priviledges unchecked and multiple information disclosures)

[Debian Bug Tracking System]

Your message dated Sun, 23 Aug 2009 14:03:05 +0000
with message-id <e1mfdez-000810...@ries.debian.org>
and subject line Bug#536724: fixed in wordpress 2.5.1-11+lenny1
has caused the Debian Bug report #536724,
regarding wordpress: CORE-2009-0515 priviledges unchecked and multiple 
information disclosures
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
536724: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536724
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

package: wordpress
version: 2.0.10-1etch3
severity: serious
tags: security

an advisory, CORE-2009-0515, has been issued for wordpress.  there are issues
with unchecked privilidges and many potential information disclosures.  see [1].

this is fixed in upstream version 2.8.1.  please coordinate with the security
team to prepare updates for the stable releases.

[1] 
http://corelabs.coresecurity.com/index.php?module=FrontEndMod&action=view&type=advisory&name=WordPress_Privileges_Unchecked

--- End Message ---

--- Begin Message ---

Source: wordpress
Source-Version: 2.5.1-11+lenny1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:

wordpress_2.5.1-11+lenny1.diff.gz
  to pool/main/w/wordpress/wordpress_2.5.1-11+lenny1.diff.gz
wordpress_2.5.1-11+lenny1.dsc
  to pool/main/w/wordpress/wordpress_2.5.1-11+lenny1.dsc
wordpress_2.5.1-11+lenny1_all.deb
  to pool/main/w/wordpress/wordpress_2.5.1-11+lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 536...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <giuse...@iuculano.it> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 15 Aug 2009 13:34:19 +0200
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.5.1-11+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Andrea De Iacovo <andrea.de.iac...@gmail.com>
Changed-By: Giuseppe Iuculano <giuse...@iuculano.it>
Description: 
 wordpress  - weblog manager
Closes: 531736 531736 536724
Changes: 
 wordpress (2.5.1-11+lenny1) stable-security; urgency=high
 .
   * [27cfd35] Fixed CVE-2008-6762: Force redirect after an upgrade
     (Closes: #531736)
   * [ac2490b] Fixed CVE-2008-6767.dpatch: Only admin can upgrade
     wordpress.(Closes: #531736)
   * [0ffcaaf] Fixed CVE-2009-2334 and CVE-2009-2854: Added some CYA cap checks
     (Closes: #536724)
   * [12717df] Fixed CVE-2009-2851: Sanitize HTML URLs in author comments
   * [d321ea7] Fixed CVE-2009-2853: Stop direct loading of files in wp-admin
     that should only be included
Checksums-Sha1: 
 f3012344a6557c1e151eb73c9a8675f17d615c84 1051 wordpress_2.5.1-11+lenny1.dsc
 4a8d82e9a80bc5b5c1c251e00296e93dbb364829 1181886 wordpress_2.5.1.orig.tar.gz
 ab98b6e0f13f2393afd049f82e7d694547712bf0 702119 
wordpress_2.5.1-11+lenny1.diff.gz
 d9c0c7d766544efe2edb7135f0712ac568ec1d5a 1029028 
wordpress_2.5.1-11+lenny1_all.deb
Checksums-Sha256: 
 e473763e11e15324bc6d142adbf57af75ae63979ea3d81c41ff44d70eac8d39d 1051 
wordpress_2.5.1-11+lenny1.dsc
 3ac5b9287d61ff90f9e1f5790dcfeda490b2da21b5af9098b2f76c3e8059057b 1181886 
wordpress_2.5.1.orig.tar.gz
 a43fff5f077001d4a3aadd1046f25ec2cb3efc488a85c8e90981167963c0fe82 702119 
wordpress_2.5.1-11+lenny1.diff.gz
 9c923a31537fe1db6b9154215663c91b915b903d056085066925c9763560fcf8 1029028 
wordpress_2.5.1-11+lenny1_all.deb
Files: 
 46d9daad717f36918e2709757523f6eb 1051 web optional 
wordpress_2.5.1-11+lenny1.dsc
 b1a40387006e54dcbd963d0cb5da0df4 1181886 web optional 
wordpress_2.5.1.orig.tar.gz
 07658ad36bed8829f58b1b6223eac294 702119 web optional 
wordpress_2.5.1-11+lenny1.diff.gz
 2d30e38e22761f87e23d2c85120bb1ff 1029028 web optional 
wordpress_2.5.1-11+lenny1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqN5K0ACgkQ62zWxYk/rQfAfACgqEvVSiSmGfpFdzc4zPhikzbM
gbQAoKJiSQEbbzMMaDv90Kk7rWbfmNhy
=lH4H
-----END PGP SIGNATURE-----

--- End Message ---