Package: wordpress Version: 2.0.10-1 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for wordpress.
CVE-2008-4106[0]: | WordPress before 2.6.2 does not properly handle MySQL warnings about | insertion of username strings that exceed the maximum column width | of the user_login column, and does not properly handle space | characters when comparing usernames, which allows remote attackers | to change an arbitrary user's password to a random value by | registering a similar username and then requesting a password reset, | related to a "SQL column truncation vulnerability." NOTE: the | attacker can discover the random password by also exploiting | CVE-2008-4107. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4106 http://security-tracker.debian.net/tracker/CVE-2008-4106 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
