Package: wordpress Version: <= 2.5.1-3 Severity: important Tags: security
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for wordpress. CVE-2008-2392[0]: | Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier | might allow remote authenticated administrators to upload and execute | arbitrary PHP files via the Upload section in the Write Tabs area of | the dashboard. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2392 http://security-tracker.debian.net/tracker/CVE-2008-2392 It seems that this bug is mentioned in wordpress as #7113 and is fixed with the new svn revision 8068. The diff for that can be viewed at: http://trac.wordpress.org/attachment/ticket/7113/7113.2.diff Kind regards, Thomas.
signature.asc
Description: Digital signature
