WordPress package
Anthony M Simonelli
a.simonelli at sbcglobal.net
Tue Apr 10 03:02:13 UTC 2007
On Mon, 2007-04-09 at 20:49 -0500, Scott Lockwood wrote:
> On Mon, 2007-04-09 at 21:30 -0400, Matthew Flaschen wrote:
> > Scott Lockwood wrote:
> > > On Mon, 2007-04-09 at 19:44 -0400, Matthew Flaschen wrote:
> > >> Sorry, but where? I don't see it at
> > >> https://bugs.launchpad.net/wordpress/+bugs .
> > > https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/104944
> > Sorry, that may be the best place. I honestly don't know, as I still
> > find some of the distinctions launchpad makes completely arbitrary.
> > Matthew Flaschen
>
> I just don't get why they don't take security seriously for something
> that is a _remote root exploitable vulnerability_!!! Particuarly where
> there is an example exploit published. It boggles the mind.
>
> --
> Regards,
> Scott Lockwood
Is it because it is found in the Universe repository? Quote from
sources.list:
"Also, please note that software in universe WILL NOT receive any review
or updates from the Ubuntu security team."
That's probably why people at Canonical are not rushing to fix this and
are satisfied with the fix in the newer versions.
You always have Debian who just released Etch v4.0 that includes
Wordpress 2.09. The Debian security team supports all of the packages
found in their main repositories. That's why I have a server running
Postfix with Spamassassin and Squid with Dansguardian because these
packages are part of the Universe repository for Ubuntu and therefore
not supported, and I got to make sure I have security updates.
Unfortunately it takes almost two years for Debian to put out a new
release but that may not be a problem since you're using Dapper.
More information about the ubuntu-users
mailing list