Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3747 to the following vulnerability: The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie. Upstream bug report: http://trac.wordpress.org/ticket/7359 References: http://www.openwall.com/lists/oss-security/2008/08/19/1 http://www.openwall.com/lists/oss-security/2008/08/20/3 Fixed upstream in: 2.6.1
I am working on it for F-9, F-8 and EL-5.
wordpress-2.6.1-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/wordpress-2.6.1-1.fc9
wordpress-2.6.1-1.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/wordpress-2.6.1-1.fc8
wordpress-2.6.1-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-2.6.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.