Launchpad has imported 6 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=659265.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2010-12-02T10:52:59+00:00 Jan wrote:

An improper input sanitization flaw was found in the way WordPress performed trackback (a way to notify a website when an entry that references it is published) maintenance. A remote attacker with Author-level privilege could use this flaw to conduct SQL injection attacks (gain further access to the site, which should otherwise be prohibited).

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603
[2] http://codex.wordpress.org/Version_3.0.2

Upstream changeset:
[3] http://core.trac.wordpress.org/changeset/16625

Note: You may want to use the w3m browser when trying to access [2] and [3], as we are having troubles / timeouts when accessing them via firefox / konqueror. Will post a copy of the upstream patch here.

Reply at: https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/716641/comments/0

------------------------------------------------------------------------
On 2010-12-02T10:56:38+00:00 Jan wrote:

This issue affects the version of the wordpress package as shipped with Fedora releases 13 and 14. Please fix.

--

This issue affects the version of the wordpress package as present within the EPEL-5 repository. Please schedule an update.

Reply at: https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/716641/comments/1

------------------------------------------------------------------------
On 2010-12-02T11:02:51+00:00 Jan wrote:

Created attachment 464225
Promised local copy of upstream changeset

Reply at: https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/716641/comments/2

------------------------------------------------------------------------
On 2010-12-02T14:42:04+00:00 Jan wrote:

CVE Request:
http://www.openwall.com/lists/oss-security/2010/12/02/1

Reply at: https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/716641/comments/3

------------------------------------------------------------------------
On 2010-12-02T14:44:36+00:00 Jan wrote:

Created wordpress tracking bugs for this issue

Affects: fedora-all [bug 659319]

Reply at: https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/716641/comments/4

------------------------------------------------------------------------
On 2010-12-03T11:00:41+00:00 Jan wrote:

The CVE identifier of CVE-2010-4257 has been assigned to this issue.

Reply at: https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/716641/comments/5


** Changed in: wordpress (Fedora)
       Status: Unknown => Fix Released

** Changed in: wordpress (Fedora)
   Importance: Unknown => Medium

https://bugs.launchpad.net/bugs/716641
Title: CVE-2010-4257: SQL Injection from trackback functions