Your message dated Sat, 03 May 2008 14:32:20 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#478515: fixed in wordpress 2.5.1-2
has caused the Debian Bug report #478515,
regarding README.Debian should tell about SECRET_KEY
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
478515: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478515
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: wordpress
Version: 2.5.1-1
Severity: important
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Today I read some bits about one of the recently closed vulnerabilities
closed in 2.5.1. The document told about a new variable SECRET_KEY, that
should be set in wp-config.php. Of course, users have to do it
themselves ([1] shall help them). But wp-config.php tells, that users
should better not edit the file and instead read README.Debian. But the
Debian specific documentation tells nothing about a) why users
shouldn't touch the file and b) (and this is what this report is about)
nothing about the new option, that seems to be a recommendation.
So the docs should tell about it or maybe the installation/upgrade/update
process should ask the users and try to set it. I consider it important,
as it seems to be of some importance. But you should know best and
adjust severity if necessary.
What is your opinion here?
[1] http://api.wordpress.org/secret-key/1.0/
Regards, Daniel
- -- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (110,
'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-3-k7 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages wordpress depends on:
ii apache2 2.2.8-3 Next generation, scalable, extenda
ii apache2-mpm-prefork [httpd] 2.2.8-3 Traditional model for Apache HTTPD
ii libapache2-mod-php5 5.2.5-3 server-side, HTML-embedded scripti
pn libjs-prototype <none> (no description available)
pn libjs-scriptaculous <none> (no description available)
pn libphp-phpmailer <none> (no description available)
ii mysql-client-5.0 [virtual-mys 5.0.51a-5 MySQL database client binaries
ii php5 5.2.5-3 server-side, HTML-embedded scripti
pn php5-gd | php4-gd <none> (no description available)
ii php5-mysql 5.2.5-3 MySQL module for php5
pn tinymce <none> (no description available)
wordpress recommends no packages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIFykCm0bx+wiPa4wRAp0IAKCYZWqcxSQ2CGJoLhsZZLq9qr847wCdH7o1
ZT5GKjvqk3C7KQhYFe3elRY=
=TQjQ
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 2.5.1-2
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:
wordpress_2.5.1-2.diff.gz
to pool/main/w/wordpress/wordpress_2.5.1-2.diff.gz
wordpress_2.5.1-2.dsc
to pool/main/w/wordpress/wordpress_2.5.1-2.dsc
wordpress_2.5.1-2_all.deb
to pool/main/w/wordpress/wordpress_2.5.1-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrea De Iacovo <[EMAIL PROTECTED]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 28 Apr 2008 18:45:10 +0200
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.5.1-2
Distribution: unstable
Urgency: low
Maintainer: Andrea De Iacovo <[EMAIL PROTECTED]>
Changed-By: Andrea De Iacovo <[EMAIL PROTECTED]>
Description:
wordpress - weblog manager
Closes: 478257 478515
Changes:
wordpress (2.5.1-2) unstable; urgency=low
.
* Wordpress provides a MODIFIED tinymce (Closes: #478257)
* Setup-mysql script modified to handle SECURITY_KEY. (Closes: #478515)
Checksums-Sha1:
bfce73783addcaf5479d2b383fe601386ec81c8b 1310 wordpress_2.5.1-2.dsc
cee72fece70258f07330a312852dac27e0ab3342 692510 wordpress_2.5.1-2.diff.gz
03be9a0c18f60db737f178d446166672187b6a2b 1122252 wordpress_2.5.1-2_all.deb
Checksums-Sha256:
dc4b348db61aaefd47818fb167e9c245bc6ded8069653f34f7e3faa934f27e90 1310
wordpress_2.5.1-2.dsc
c2b84c61c3be1ab2cec32bf4c82547acd2da7d49bc555aebb2819d9bbf03c3c8 692510
wordpress_2.5.1-2.diff.gz
d66169f68fbd7a21ef0b4b2fc41b9e972b2f460d075e5526aad666eca51a17c0 1122252
wordpress_2.5.1-2_all.deb
Files:
1bebf56e654935aa4861204c8db367bc 1310 web optional wordpress_2.5.1-2.dsc
021221fbe5189cdeff1bd741411543dd 692510 web optional wordpress_2.5.1-2.diff.gz
8eb5ab499dd78b47d09c262fd3edc9df 1122252 web optional wordpress_2.5.1-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBSBxz2Wz0hbPcukPfAQIi6QgAlkmP2a7eycHNcSM81Nm8NTUNSlFlUd0s
y2V6jqoeP4/b51Aj75HjRShszIIoXoj+pUROKIr8Pn/xvsxooTOCOYAoZAPXaYVc
0Y/A8m0RAh8VxI6o/wXTU737Kw8oi9OU/RQEFQPnr4uzQ+5Oi8+WaH7RR2wddb7h
L/fbtsuXFqXZyMCTb8N/z2W6a3FreJtawtFW4Z21E8CHdPc1jpN2+lDd7N9+7zwK
cSbwIQcRjk+CZuKxSL68b5YS8yHzrEeIvmmU5soz7dMTs39SSb35DvcLuXN4iBe6
bYEpcX/ANVn1LJXxyIZthhtEW17mCc+Qi7zJTuytXAMpKLEtxI3UfA==
=SKqc
-----END PGP SIGNATURE-----
--- End Message ---
