[Bug 277267] [NEW] Merge wordpress 2.5.1-8 from Debian(Unstable)
Launchpad Bug Tracker
277267 at bugs.launchpad.net
Thu Oct 2 22:36:49 BST 2008
You have been subscribed to a public bug by Stefan Ebner (sebner):
Binary package hint: wordpress
The high emergency security merge.
wordpress (2.5.1-8) unstable; urgency=high
* Added 009CVE2008-4106 patch. (Closes: #500115)
Whitespaces in user name are now checked during login.
It's not possible to register an "admin(n-whitespaces)" user anymore
to gain unauthorized access to the admin panel.
-- Andrea De Iacovo <andrea.de.iacovo at gmail.com> Thu, 25 Sep 2008
17:02:47 +0200
wordpress (2.5.1-7) unstable; urgency=high
* Modified CVE2008-3747 patch. (Closes: #497524)
The old patch made the package completely unusable. The new
one should solve the issue. (Thanks to Del Gurt)
-- Andrea De Iacovo <andrea.de.iacovo at gmail.com> Thu, 04 Sep 2008
00:42:11 +0200
wordpress (2.5.1-6) unstable; urgency=high
* Added patch to fix remote attack vulnerability (Closes: #497216)
Attackers could gain administrative powers by sniffing cookies.
This patch force wordpress over a ssl connection to prevent
this issue. (CVE-2008-3747)
-- Andrea De Iacovo <andrea.de.iacovo at gmail.com> Sun, 31 Aug 2008
09:02:22 +0200
** Affects: wordpress (Ubuntu)
Importance: Undecided
Status: Confirmed
--
Merge wordpress 2.5.1-8 from Debian(Unstable)
https://bugs.edge.launchpad.net/bugs/277267
You received this bug notification because you are a member of Ubuntu Sponsors for universe, which is a direct subscriber.
More information about the Ubuntu-universe-sponsors
mailing list