Wordpress 2.1.1 Security Issue
Kees Cook
kees at ubuntu.com
Sat Mar 3 15:16:03 GMT 2007
[redirected from security-review ml, which is going away...]
On Sat, Mar 03, 2007 at 01:38:10AM -0600, Rich Johnson wrote:
> Just wondering if this involved the version we currently have in the Feisty
> repos?
>
> http://wordpress.org/development/2007/03/upgrade-212/
>
> It seems somebody gained access and modified the 2.1.1 download, allowing
> an installed 2.1.1 version to be exploited, allowing remote PHP execution.
>
> According to Wordpress, SVN downloads were not affected.

I examined this yesterday; it's clean. The 2.1.1 orig.tar.gz from
Debian was taken prior to wordpress.org getting broken into. Based on
the report, the described backdoor wasn't present.

To avoid (this kind of) confusion, wordpress.org simply declared all of
2.1.1 as "bad", just to make sure no one had a bad version.

--
Kees Cook