wordpress: security flaw in xml-rpc implementation
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
wordpress (Debian) | Fix Released | Unknown | | |
wordpress (Ubuntu) | Fix Released | High | Unassigned | |
Bug Description
Binary package hint: wordpress
Source: wordpress
Severity: grave
Tags: security patch
A security issue in wordpress' xml-rpc implementation was found[0]:
WordPress 2.3.3 is an urgent security release. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog.
Looking at the latest changes on xml-rpc, the following changesets seem to be relevant:
http://
http://
Upstream ticket:
http://
A CVE id is currently pending for this.
<= Hardy Vulnerable, please open task.
Merge ready [1], I'm working on a backport patch.
For further information:
[0] http://
[1] http://
Changed in wordpress:
importance: Undecided → High
Changed in wordpress:
status: Unknown → Fix Released
Hardy merge is available: https://bugs.edge.launchpad.net/ubuntu/+source/wordpress/+bug/189481