> Package: wordpress
> Version: 2.0.10-1
> Severity: grave
> Tags: security
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for wordpress.
>
> CVE-2008-4106[0]:
> | WordPress before 2.6.2 does not properly handle MySQL warnings about
> | insertion of username strings that exceed the maximum column width
> | of the user_login column, and does not properly handle space
> | characters when comparing usernames, which allows remote attackers
> | to change an arbitrary user's password to a random value by
> | registering a similar username and then requesting a password reset,
> | related to a "SQL column truncation vulnerability." NOTE: the
> | attacker can discover the random password by also exploiting
> | CVE-2008-4107.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4106
>     http://security-tracker.debian.net/tracker/CVE-2008-4106
>
I prepared a new package and now I'm waiting for my sponsor to upload it.
Thank you for reporting.

Regards.
Andrea De Iacovo
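The "SQL column truncation" condition named in the quoted CVE text, as an added example that is not part of the original thread and is not WordPress code: a plain-Python model of a non-strict MySQL VARCHAR column (silent truncation, trailing spaces ignored in comparisons), with a flawed uniqueness check beside a hardened one. The column width of 60, the function names and the sample data are assumptions made for the illustration.

```python
# Added illustration: models in plain Python how a non-strict MySQL VARCHAR
# column stores and compares strings. Not WordPress code.
COLUMN_WIDTH = 60  # assumed width of the user_login column for this demo


def stored_value(value, width=COLUMN_WIDTH):
    """Non-strict mode: over-long input is cut to the column width (warning only)."""
    return value[:width]


def db_equal(a, b):
    """PAD SPACE collation: trailing spaces are ignored when comparing."""
    return a.rstrip(" ") == b.rstrip(" ")


def naive_is_taken(existing, candidate):
    """Flawed check: compares the raw candidate, not what will be stored."""
    return any(db_equal(row, candidate) for row in existing)


def safe_validate(existing, candidate, width=COLUMN_WIDTH):
    """Hardened check: refuse anything the database would silently alter."""
    if len(candidate) > width:
        return "rejected: longer than column"
    if candidate != candidate.strip() or "  " in candidate:
        return "rejected: stray whitespace"
    if any(db_equal(row, candidate) for row in existing):
        return "rejected: already registered"
    return "ok"


def demo():
    existing = ["admin"]  # constructed sample table contents
    # Constructed input: the name, spaces up to the column width, one extra char.
    candidate = "admin" + " " * (COLUMN_WIDTH - len("admin")) + "x"
    naive_accepts = not naive_is_taken(existing, candidate)
    collides = db_equal(stored_value(candidate), "admin")
    return naive_accepts, collides, safe_validate(existing, candidate)


if __name__ == "__main__":
    print(demo())
```

Running MySQL in strict SQL mode addresses the same condition at the database layer, because over-long values then raise an error instead of a truncation warning.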