Bug 664886 - Known vulnerabilities in wordpress 2.8.6
Summary: Known vulnerabilities in wordpress 2.8.6
Keywords:
Status: CLOSED DUPLICATE of bug 659319
Alias: None
Product: Fedora
Classification: Fedora
Component: wordpress
Version: 14
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Gwyn Ciesla
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-12-22 01:17 UTC by Ricky Zhou
Modified: 2010-12-22 03:26 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-22 03:26:53 UTC
Type: ---


Attachments (Terms of Use)

Description Ricky Zhou 2010-12-22 01:17:02 UTC
Wordpress should probably be upgraded to address security
vulnerabilities in version 2.8.6.  This includes at least one SQL
injection for authors
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603), some XSS vulnerabilities, and I think some others.

The full list of vulnerabilities can probably be obtained through
wordpress's release notes at

http://codex.wordpress.org/Version_2.9
http://codex.wordpress.org/Version_2.9.1
http://codex.wordpress.org/Version_2.9.2
http://codex.wordpress.org/Version_3.0
http://codex.wordpress.org/Version_3.0.1
http://codex.wordpress.org/Version_3.0.2
http://codex.wordpress.org/Version_3.0.3

Unfortunately, upstream isn't too great about publishing detailed
reports of their security issues.

This might also be a good time to talk to the wordpress-mu maintainer
about getting rid of the wordpress-mu package and working together on
3.x, now that wordpress and wordpress-mu have been merged.

Comment 1 Ricky Zhou 2010-12-22 03:26:53 UTC
My apologies, this bug is a duplicate of #659319.

*** This bug has been marked as a duplicate of bug 659319 ***


Note You need to log in before you can comment on or make changes to this bug.