Merge wordpress 2.5.1-8 from Debian(Unstable)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wordpress (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: wordpress
The high emergency security merge.
wordpress (2.5.1-8) unstable; urgency=high
* Added 009CVE2008-4106 patch. (Closes: #500115)
Whitespaces in user name are now checked during login.
It's not possible to register an "admin(
to gain unauthorized access to the admin panel.
-- Andrea De Iacovo <email address hidden> Thu, 25 Sep 2008 17:02:47 +0200
wordpress (2.5.1-7) unstable; urgency=high
* Modified CVE2008-3747 patch. (Closes: #497524)
The old patch made the package completely unusable. The new
one should solve the issue. (Thanks to Del Gurt)
-- Andrea De Iacovo <email address hidden> Thu, 04 Sep 2008 00:42:11 +0200
wordpress (2.5.1-6) unstable; urgency=high
* Added patch to fix remote attack vulnerability (Closes: #497216)
Attackers could gain administrative powers by sniffing cookies.
This patch force wordpress over a ssl connection to prevent
this issue. (CVE-2008-3747)
-- Andrea De Iacovo <email address hidden> Sun, 31 Aug 2008 09:02:22 +0200
Hi,
Please see bug 269301.
The latest upload here seems well worth having if it is needed for Ubuntu's
package. If we really don't want the other fix then this should be backported.
Thanks,
James