Bug 664886

Summary: Known vulnerabilities in wordpress 2.8.6
Product: [Fedora] Fedora
Component: wordpress
Version: 14
Status: CLOSED DUPLICATE
Severity: medium
Priority: low
Reporter: Ricky Zhou <rzhou>
Assignee: Gwyn Ciesla <gwync>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: gwync
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2010-12-22 03:26:53 UTC

Description Ricky Zhou 2010-12-22 01:17:02 UTC
WordPress should probably be upgraded to address security
vulnerabilities in version 2.8.6.  This includes at least one SQL
injection for authors
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603), some XSS
vulnerabilities, and I think some others.

The full list of vulnerabilities can probably be obtained through
WordPress's release notes at

http://codex.wordpress.org/Version_2.9
http://codex.wordpress.org/Version_2.9.1
http://codex.wordpress.org/Version_2.9.2
http://codex.wordpress.org/Version_3.0
http://codex.wordpress.org/Version_3.0.1
http://codex.wordpress.org/Version_3.0.2
http://codex.wordpress.org/Version_3.0.3

Unfortunately, upstream isn't too great about publishing detailed
reports of their security issues.

This might also be a good time to talk to the wordpress-mu maintainer
about getting rid of the wordpress-mu package and working together on
3.x, now that wordpress and wordpress-mu have been merged.

Comment 1 Ricky Zhou 2010-12-22 03:26:53 UTC
My apologies, this bug is a duplicate of #659319.

*** This bug has been marked as a duplicate of bug 659319 ***