Your message dated Sat, 20 Aug 2005 23:47:04 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#323040: fixed in wordpress 1.5.2-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 14 Aug 2005 11:23:02 +0000
>From [EMAIL PROTECTED] Sun Aug 14 04:23:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from ip0.serverflex.de (vserver151.vserver151.serverflex.de) [193.22.164.111]
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1E4GZy-0007PI-00; Sun, 14 Aug 2005 04:23:02 -0700
Received: from dsl-084-059-167-023.arcor-ip.net ([84.59.167.23] helo=localhost.localdomain)
	by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32)
	(Exim 4.50)
	id 1E4GZx-0001E0-60
	for [EMAIL PROTECTED]; Sun, 14 Aug 2005 13:23:01 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.52)
	id 1E4GaP-0001Yf-1h; Sun, 14 Aug 2005 13:23:29 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: wordpress: Arbitrary code execution through inproper input sanitising in cookie handling
X-Mailer: reportbug 3.15
Date: Sun, 14 Aug 2005 13:23:28 +0200
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 84.59.167.23
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: wordpress
Severity: grave
Tags: security patch
Justification: user security hole

Hi,
a vulnerability in Wordpress' cookie handling has been reported that allows
arbitrary PHP command execution, if register_globals is enabled in the PHP
config. Please see http://www.securiteam.com/unixfocus/5BP0G00GLK.html

It should be fixed in 1.5.1.4, although I couldn't find this release on the
Wordpress website.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 323040-close) by bugs.debian.org; 21 Aug 2005 06:50:32 +0000
>From [EMAIL PROTECTED] Sat Aug 20 23:50:32 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
	id 1E6jbk-00049p-00; Sat, 20 Aug 2005 23:47:04 -0700
From: Kai Hendry <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#323040: fixed in wordpress 1.5.2-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 20 Aug 2005 23:47:04 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: wordpress
Source-Version: 1.5.2-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:

wordpress_1.5.2-1.diff.gz
  to pool/main/w/wordpress/wordpress_1.5.2-1.diff.gz
wordpress_1.5.2-1.dsc
  to pool/main/w/wordpress/wordpress_1.5.2-1.dsc
wordpress_1.5.2-1_all.deb
  to pool/main/w/wordpress/wordpress_1.5.2-1_all.deb
wordpress_1.5.2.orig.tar.gz
  to pool/main/w/wordpress/wordpress_1.5.2.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kai Hendry <[EMAIL PROTECTED]> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 19 Aug 2005 10:58:17 +1000
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 1.5.2-1
Distribution: unstable
Urgency: high
Maintainer: Kai Hendry <[EMAIL PROTECTED]>
Changed-By: Kai Hendry <[EMAIL PROTECTED]>
Description:
 wordpress  - an award winning weblog manager
Closes: 323040
Changes:
 wordpress (1.5.2-1) unstable; urgency=high
 .
   * New upstream "security fix" release
   * Closes: #323040: CAN-2005-2612
   * See: http://wordpress.org/development/2005/08/one-five-two/
Files:
 67d3fc919c076569623ae2780f6c851a 564 web optional wordpress_1.5.2-1.dsc
 680e6381c8111f555a2c7066ddafd575 298514 web optional wordpress_1.5.2.orig.tar.gz
 09a0b1ed6a5073194aedae4294892b40 7575 web optional wordpress_1.5.2-1.diff.gz
 d0b3587aaf4d2931ce03a0af1c9aea22 303896 web optional wordpress_1.5.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDCCHq78o9R9NraMQRAlJWAJ90BYH4CkIe0sZVCfdKS0FcP4+IPwCfXDbg
2P7eGO+Mvl19+ugLQAXZvXY=
=YBP6
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]