Bug#: 159229
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Description:   Opened: 2006-12-27 10:33 0000
Vulnerability Title: WordPress Persistent XSS 
 Author: David Kierznowski 
 Homepage: http://michaeldaw.org 
 Software Vendor: WordPress Persistent XSS 
 Versions affected: Confirmed in v2.0.5 (latest) 

See homepage for more details. 

WordPress was contacted: 26/12/06 22:04 BST 
 Reply received: 27/12/06 06:11 BST 
 WordPress has fixed this for v2.0.6, see 
 http://trac.wordpress.org/changeset/4665

------- Comment #1 From Matthias Geerdsen 2006-12-30 14:19:42 0000 -------
CVE-2006-6808

patch available see comment #1

------- Comment #2 From Steve Dibb 2006-12-31 10:21:05 0000 -------
I have an updated ebuild ready to go, just need to talk to the team about the
best way to upgrade, since I'm new to webapps.

------- Comment #3 From Sune Kloppenborg Jeppesen 2007-01-04 11:58:46 0000 -------
Any news on this one?

------- Comment #4 From Steve Dibb 2007-01-04 12:17:19 0000 -------
Fixed in CVS, removed the vulnerable version.  -r1 is patched.

------- Comment #5 From Raphael Marichez 2007-01-04 13:02:24 0000 -------
Thanks Steve,

The new ebuild already contains all the target arches (the patch was indeed
trivial), jumping directly to [glsa?] status.

Security team, please vote.

I vote no-glsa.

------- Comment #6 From Wolf Giesen (RETIRED) 2007-01-04 22:00:47 0000 -------
Given its nature as multi-blog provider I tend to vote YES.

------- Comment #7 From Peter Westwood 2007-01-05 06:33:31 0000 -------
WordPress 2.0.6 has now been released which includes the patch - could probably
bump to that before the GLSA?

------- Comment #8 From Steve Dibb 2007-01-05 09:07:59 0000 -------
(In reply to comment #7)
> WordPress 2.0.6 has now been released which includes the patch - could probably
> bump to that before the GLSA?
> 

I would prefer that, given a little time to get the ebuild out.

------- Comment #9 From Steve Dibb 2007-01-05 09:20:46 0000 -------
Okay, same as before.  I removed 2.0.5-r1, and added 2.0.6.  The new tarball is
on the local mirrors.  Should be good to go on my end. :)

------- Comment #10 From Matthias Geerdsen 2007-01-05 14:47:47 0000 -------
I also tend to vote yes.

further issues:

* WordPress CSRF Protection XSS Vulnerability
http://www.php-security.org/advisory_012007.140.html

* WordPress Trackback Charset Decoding SQL Injection Vulnerability
http://www.php-security.org/advisory_022007.141.html

------- Comment #11 From Sune Kloppenborg Jeppesen 2007-01-06 12:27:56 0000 -------
I tend to vote YES.

------- Comment #12 From Matthias Geerdsen 2007-01-08 10:45:38 0000 -------
before the voting never ends...

changing to a full yes, filing draft request

------- Comment #13 From Stefan Cornelius (RETIRED) 2007-01-12 12:32:50 0000 -------
CVE-2007-0109   wp-login.php in WordPress 2.0.5 and earlier displays different
error messages if a user exists or not, which allows remote attackers to obtain
sensitive information and facilitates brute force attacks.


CVE-2007-0107   WordPress before 2.0.6, when mbstring is enabled for PHP,
decodes alternate character sets after escaping the SQL query, which allows
remote attackers to bypass SQL injection protection schemes and execute
arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
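
Added example, not part of the bug report and not WordPress code: a Python sketch of the ordering flaw that the CVE-2007-0107 description above names (charset decoding performed after escaping), next to the corrected order and a parameterized insert. The `addslashes` helper is a simplified stand-in for backslash escaping, the function and table names are hypothetical, and the sample input is constructed.

```python
import sqlite3

# Constructed sample: "+ACc-" is the UTF-7 encoding of a single quote (').
SAMPLE = b"title +ACc- end"

def addslashes(text: str) -> str:
    """Simplified stand-in: backslash-escape backslash, single and double quote."""
    return text.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def escape_then_decode(raw: bytes, charset: str) -> str:
    """Flawed order: escape the undecoded bytes, then convert the charset."""
    escaped = addslashes(raw.decode("latin-1"))
    return escaped.encode("latin-1").decode(charset)

def decode_then_escape(raw: bytes, charset: str) -> str:
    """Corrected order: convert to the final charset first, then escape."""
    return addslashes(raw.decode(charset))

def has_unescaped_quote(text: str) -> bool:
    """True if a single quote appears without a preceding escape backslash."""
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # skip the character the backslash escapes
            continue
        if text[i] == "'":
            return True
        i += 1
    return False

def store_parameterized(raw: bytes, charset: str) -> str:
    """Bind the decoded value as a parameter; no string escaping is involved."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE trackback (title TEXT)")
    db.execute("INSERT INTO trackback (title) VALUES (?)", (raw.decode(charset),))
    return db.execute("SELECT title FROM trackback").fetchone()[0]

if __name__ == "__main__":
    for fn in (escape_then_decode, decode_then_escape):
        out = fn(SAMPLE, "utf-7")
        print(f"{fn.__name__}: {out!r} unescaped quote: {has_unescaped_quote(out)}")
    print("parameterized:", repr(store_parameterized(SAMPLE, "utf-7")))
```

The escaping step sees only ASCII `+ACc-` in the flawed order, so the quote appears after it has run; decoding first, or binding parameters, removes that dependence on ordering.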

------- Comment #14 From Raphael Marichez 2007-01-16 23:06:29 0000 -------
GLSA 200701-10, thanks to everybody
