Your message dated Wed, 9 Nov 2005 13:19:43 +1100 with message-id <[EMAIL PROTECTED]> and subject line Upstream says Wordpress is secure has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Oct 2005 01:37:27 +0000
>From [EMAIL PROTECTED] Tue Oct 25 18:37:27 2005
Return-path: <[EMAIL PROTECTED]>
Received: from www.steve.org.uk (skx2.dh.bytemark.co.uk) [80.68.80.176]
    by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
    id 1EUaEJ-00063a-00; Tue, 25 Oct 2005 18:37:27 -0700
Received: from steve by skx2.dh.bytemark.co.uk with local (Exim 4.50)
    id 1EUaFv-0002xr-FO
    for [EMAIL PROTECTED]; Wed, 26 Oct 2005 02:39:07 +0100
Date: Wed, 26 Oct 2005 02:39:07 +0100
From: Steve Kemp <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: wordpress: SECURITY : Contains an insecure version of class.snoopy
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 3.8
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
    (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
    autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: wordpress
Version: 1.5.2-2
Severity: grave
Justification: user security hole

As described upon the following bugtraq post the class Snoopy which
is included in wordpress potentially allows arbitrary command execution.

http://seclists.org/lists/fulldisclosure/2005/Oct/0536.html

The class is contained within the wordpress distribution - although I
haven't explicitly told them yet, I leave it to you to give them a nod.

Steve
--

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

---------------------------------------
Received: (at 335817-done) by bugs.debian.org; 9 Nov 2005 02:21:10 +0000
>From [EMAIL PROTECTED] Tue Nov 08 18:21:10 2005
Return-path: <[EMAIL PROTECTED]>
Received: from skewer.dreamhost.com [64.111.107.13] (postfix)
    by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
    id 1EZfaI-0005wn-00; Tue, 08 Nov 2005 18:21:10 -0800
Received: from frodo.dabase.com (d58-104-22-175.dsl.vic.optusnet.com.au [58.104.22.175])
    by skewer.dreamhost.com (Postfix) with ESMTP id C582015077
    for <[EMAIL PROTECTED]>; Tue, 8 Nov 2005 18:21:08 -0800 (PST)
Received: from hendry by frodo.dabase.com with local (Exim 4.54)
    id 1EZfYt-0001Wi-75
    for [EMAIL PROTECTED]; Wed, 09 Nov 2005 13:19:43 +1100
Date: Wed, 9 Nov 2005 13:19:43 +1100
From: Kai Hendry <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Upstream says Wordpress is secure
Message-ID: <[EMAIL PROTECTED]>
Reply-To: Kai Hendry <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Debbugs-No-Ack: please
User-Agent: Mutt/1.5.11
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
    (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,X_DEBBUGS_NO_ACK
    autolearn=no version=2.60-bugs.debian.org_2005_01_02

Upstream says the (modified) Snoopy class they ship is secure.

Since I have not come across an exploit that says otherwise, I am
closing this.

Along the same lines:
http://wordpress.org/development/2005/11/wordpress-is-secure/

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]