Bug 664886 - Known vulnerabilities in wordpress 2.8.6
Summary: Known vulnerabilities in wordpress 2.8.6
Keywords:
Status: CLOSED DUPLICATE of bug 659319
Alias: None
Product: Fedora
Classification: Fedora
Component: wordpress
Version: 14
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Gwyn Ciesla
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2010-12-22 01:17 UTC by Ricky Zhou
Modified: 2010-12-22 03:26 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-12-22 03:26:53 UTC
Type: ---
Embargoed:



Description Ricky Zhou 2010-12-22 01:17:02 UTC
Wordpress should probably be upgraded to address security
vulnerabilities in version 2.8.6.  This includes at least one SQL
injection for authors
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603), some XSS
vulnerabilities, and I think some others.

The full list of vulnerabilities can probably be obtained through
wordpress's release notes at

http://codex.wordpress.org/Version_2.9
http://codex.wordpress.org/Version_2.9.1
http://codex.wordpress.org/Version_2.9.2
http://codex.wordpress.org/Version_3.0
http://codex.wordpress.org/Version_3.0.1
http://codex.wordpress.org/Version_3.0.2
http://codex.wordpress.org/Version_3.0.3

Unfortunately, upstream isn't too great about publishing detailed
reports of their security issues.

This might also be a good time to talk to the wordpress-mu maintainer
about getting rid of the wordpress-mu package and working together on
3.x, now that wordpress and wordpress-mu have been merged.

Comment 1 Ricky Zhou 2010-12-22 03:26:53 UTC
My apologies, this bug is a duplicate of #659319.

*** This bug has been marked as a duplicate of bug 659319 ***

