On Thu, Dec 02, 2010 at 09:03:00PM +0900, Hideki Yamane wrote:
> tags 605603 patch
> thanks
> 
> Hi,
> 
> >This looks worthy of an update for squeeze. Note that the other updates
> >in 3.0.2 also include various security hardening issues so it may be
> >most appropriate to upload 3.0.2 itself for squeeze.
> 
>  However, you know, we are in freeze and the diff between 3.0.1 and 3.0.2 is
>  about 2000 lines. In general, that is too many changes at this time. I hope
>  there is someone who can check its worth and benefit and negotiate with the
>  release team.

Indeed. I haven't got time to do that right now.

>  Anyway, proposed smallest patch to 3.0.1 is below. Please check it.

Your patch doesn't apply; there is some cut and paste whitespace damage.
I've attached a new patch which I've verified builds cleanly (on our
slightly modified package which is deployed on lenny).

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
diff -urN wordpress-3.0.1.orig//debian/patches/fix_SQLinjection_r16625.patch wordpress-3.0.1/debian/patches/fix_SQLinjection_r16625.patch
--- wordpress-3.0.1.orig//debian/patches/fix_SQLinjection_r16625.patch	1970-01-01 01:00:00.000000000 +0100
+++ wordpress-3.0.1/debian/patches/fix_SQLinjection_r16625.patch	2010-12-02 15:03:22.000000000 +0000
@@ -0,0 +1,11 @@
+Index: 3.0/wp-includes/comment.php
+===================================================================
+--- 3.0/wp-includes/comment.php	(revision 13995)
++++ 3.0/wp-includes/comment.php	(revision 16625)
+@@ -1655,5 +1655,5 @@
+ 				$pinged[] = $tb_ping;
+ 			} else {
+-				$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) );
++				$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $tb_ping, $post_id) );
+ 			}
+ 		}
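Review bot: the new file fix_SQLinjection_r16625.patch starts directly at the `Index:` line with no header, so nothing in the patch itself records that it is a backport of upstream revision 16625 for bug 605603 or which query it hardens. Please add a short description block above `Index:` stating the origin (upstream r16625), the Debian bug number, and that `$tb_ping` was moved from string interpolation inside the `prepare()` format string to a `%s` placeholder. It is also worth confirming that the `3.0/` path prefix applies at the same strip level as the other entries in the series file.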
diff -urN wordpress-3.0.1.orig//debian/patches/series wordpress-3.0.1/debian/patches/series
--- wordpress-3.0.1.orig//debian/patches/series	2010-09-02 09:34:46.000000000 +0100
+++ wordpress-3.0.1/debian/patches/series	2010-12-02 15:03:45.000000000 +0000
@@ -7,3 +7,4 @@
 010disabling_update_note.patch
 manifest.patch
 mu.patch
+fix_SQLinjection_r16625.patch
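Review bot: the diff as posted adds the series entry after `mu.patch` but carries no matching debian/changelog entry, so the upload would not record the fix or close 605603. Please add a changelog stanza naming the patch and the bug. Since the entry is last in the series, the inner hunk's `@@ -1655,5 +1655,5 @@` offset has to hold after `manifest.patch` and `mu.patch` are applied, so check that it applies without fuzz in that position on the squeeze source as well as on the modified lenny package mentioned in the mail.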
