Your message dated Tue, 05 Feb 2008 17:02:31 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#464170: fixed in wordpress 2.3.3-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Source: wordpress
Severity: grave
Tags: security patch

Hi Kai,
A security issue in wordpress' xml-rpc implementation was 
found[0]:
| WordPress 2.3.3 is an urgent security release. A flaw was 
| found in our XML-RPC implementation such that a specially 
| crafted request would allow any valid user to edit posts of 
| any other user on that blog.

Looking at the latest changes on xml-rpc the following 
changesets seem to be relevant:
http://trac.wordpress.org/changeset/6709
http://trac.wordpress.org/changeset/6714

Upstream ticket:
http://trac.wordpress.org/ticket/5313

A CVE id is currently pending for this.

For further information:
[0] http://wordpress.org/development/2008/02/wordpress-233/

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 2.3.3-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:

wordpress_2.3.3-1.diff.gz
  to pool/main/w/wordpress/wordpress_2.3.3-1.diff.gz
wordpress_2.3.3-1.dsc
  to pool/main/w/wordpress/wordpress_2.3.3-1.dsc
wordpress_2.3.3-1_all.deb
  to pool/main/w/wordpress/wordpress_2.3.3-1_all.deb
wordpress_2.3.3.orig.tar.gz
  to pool/main/w/wordpress/wordpress_2.3.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kai Hendry <[EMAIL PROTECTED]> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 05 Feb 2008 16:22:57 +0000
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.3.3-1
Distribution: unstable
Urgency: high
Maintainer: Kai Hendry <[EMAIL PROTECTED]>
Changed-By: Kai Hendry <[EMAIL PROTECTED]>
Description: 
 wordpress  - weblog manager
Closes: 464170
Changes: 
 wordpress (2.3.3-1) unstable; urgency=high
 .
   * New upstream security release
   * http://wordpress.org/development/2008/02/wordpress-233/
   * Fix for security flaw in XML-RPC implementation (Closes: #464170) and
     http://trac.wordpress.org/ticket/5313
Files: 
 426d51b79675cfc2928a3f1c08607d63 650 web optional wordpress_2.3.3-1.dsc
 19518de1117aa68f0c3de84b6858efc3 884898 web optional wordpress_2.3.3.orig.tar.gz
 785942170e1b93d5398b013695e02329 10675 web optional wordpress_2.3.3-1.diff.gz
 59d2a9ac4d3d451cfb6b3bc382c39cf1 873074 web optional wordpress_2.3.3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHqJL5HYflSXNkfP8RAhVpAJ0bsis9MYEmkWCJiIYSL5pVcszLDQCeLBQx
vOynt/f8RhRr8Lr5d+Y0tKw=
=XMLN
-----END PGP SIGNATURE-----



--- End Message ---
