Wordpress should probably be upgraded to address security
vulnerabilities in version 2.8.6. This includes at least one SQL
injection for authors
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603), some XSS vulnerabilities, and I think some others.
The full list of vulnerabilities can probably be obtained through
wordpress's release notes at
Unfortunately, upstream isn't too great about publishing detailed
reports of their security issues.
This might also be a good time to talk to the wordpress-mu maintainer
about getting rid of the wordpress-mu package and working together on
3.x, now that wordpress and wordpress-mu have been merged.
My apologies, this bug is a duplicate of #659319.
*** This bug has been marked as a duplicate of bug 659319 ***