[Bug 269301] Re: [CVE-2008-3747] - wordpress before 2.6.1 ssl problem might allow remote attackers to gain administrative access by sniffing the network for a cookie
Launchpad Bug Tracker
269301 at bugs.launchpad.net
Mon Nov 24 16:05:06 UTC 2008
This bug was fixed in the package wordpress - 2.5.1-10ubuntu1
---------------
wordpress (2.5.1-10ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes: (LP: #301340)
+ debian/apache.conf:
- Changed to use /var/www instead of /srv/www for virtual webroot.
+ debian/setup-mysql:
- Changed to use /var/www instead of /srv/www.
* debian/patches/010_remove_update_notice.patch:
- Reworked original patch to remove Wordpress upgrade notify
in admin dashboard (Rolf Leggewie) (LP: #227547)
* Include patch for CVE2008-3747 (LP: #269301)
wordpress (2.5.1-10) unstable; urgency=high
* 007CVE2008-2392.patch modified.
Now users chan dinamically choose to enable unrestricted upload for admins.
* 010_REQUEST.patch added.
This patch is only a workaround for #504771. Now cookies are properly
checked; if something malicious is found wordpress stops any other execution
until cookies are not cleaned.
-- Stefan Lesicnik <stefan at lsd.co.za> Sun, 23 Nov 2008 18:12:33 +0200
** Changed in: wordpress (Ubuntu)
Status: Invalid => Fix Released
--
[CVE-2008-3747] - wordpress before 2.6.1 ssl problem might allow remote attackers to gain administrative access by sniffing the network for a cookie
https://bugs.launchpad.net/bugs/269301
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list