On Thu, Dec 02, 2010 at 09:03:00PM +0900, Hideki Yamane wrote:
> tags 605603 patch
> thanks
>
> Hi,
>
> >This looks worthy of an update for squeeze. Note that the other updates
> >in 3.0.2 also include various security hardening issues so it may be
> >most appropriate to upload 3.0.2 itself for squeeze.
>
> However, you know, we are in freeze and 3.0.1 and 3.0.2 diff is about 2000
> lines. In general, it's too many changes at this time. I hope there is
> someone who can check its worth and benefit and negotiate with release team.

Indeed. I haven't got time to do that right now.

> Anyway, proposed smallest patch to 3.0.1 is below. Please check it.

Your patch doesn't apply; there is some cut and paste whitespace damage.
I've attached a new patch which I've verified builds cleanly (on our
slightly modified package which is deployed on lenny).

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

diff -urN wordpress-3.0.1.orig//debian/patches/fix_SQLinjection_r16625.patch wordpress-3.0.1/debian/patches/fix_SQLinjection_r16625.patch --- wordpress-3.0.1.orig//debian/patches/fix_SQLinjection_r16625.patch 1970-01-01 01:00:00.000000000 +0100 +++ wordpress-3.0.1/debian/patches/fix_SQLinjection_r16625.patch 2010-12-02 15:03:22.000000000 +0000 @@ -0,0 +1,11 @@ +Index: 3.0/wp-includes/comment.php +=================================================================== +--- 3.0/wp-includes/comment.php (revision 13995) ++++ 3.0/wp-includes/comment.php (revision 16625) +@@ -1655,5 +1655,5 @@ + $pinged[] = $tb_ping; + } else { +- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) ); ++ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $tb_ping, $post_id) ); + } + } diff -urN wordpress-3.0.1.orig//debian/patches/series wordpress-3.0.1/debian/patches/series --- wordpress-3.0.1.orig//debian/patches/series 2010-09-02 09:34:46.000000000 +0100 +++ wordpress-3.0.1/debian/patches/series 2010-12-02 15:03:45.000000000 +0000 @@ -7,3 +7,4 @@ 010disabling_update_note.patch manifest.patch mu.patch +fix_SQLinjection_r16625.patch
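Review bot: the new debian/patches/fix_SQLinjection_r16625.patch begins directly at its "Index: 3.0/wp-includes/comment.php" line with no description header, so the file itself does not record what it fixes or where it came from. Please add a short DEP-3 style header above the Index line (a Description, an Origin naming upstream revision 16625 as the filename already implies, and a Bug-Debian reference to 605603). The code change itself reads correctly: $tb_ping moves out of the SQL string into a %s placeholder and is passed as an argument before $post_id, matching the order of %s and %d, and the literal quotes around it are dropped, which is right because prepare() supplies the quoting for %s.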
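Review bot: the diff ends after the debian/patches/series hunk without touching debian/changelog, so as posted there is no changelog entry describing the security fix or closing 605603. Appending fix_SQLinjection_r16625.patch as the last entry after mu.patch is fine for ordering, but an upload built from this would need a changelog stanza alongside it; worth including that in the same patch so the fix and its record travel together.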