Please version bump wordpress to 2.3.1. Thanks. Reproducible: Always Steps to Reproduce:
FrSIRT: A vulnerability has been identified in WordPress, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by an input validation error in the "wp-admin/edit-post-rows.php" script when processing the "posts_columns" parameter, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
Reintroducing security support for WordPress :-) According to upstream, it only happens when register_globals is on, which is not a recommended setup anyway. Web-Apps, your call.
mah, reassigning changed status.
Added to 2.3.1 to the tree. I also modified the ebuild a bit to a cleaner webapp ebuild. I'll remove the older version if there are no bugs on the new ebuild within a week.
Closing this one as fixed since it's not stable. In the past I think we've refused stuff that require register_globals to be on.
The new ebuild overwrites my wp-config.php file. Did I do something wrong?
Hm, I checked but I think the definition of config file is okay. In my case webapp-config protects the file correctly. When you install wordpress into the virtual host, do you see the line: ... ^o^ hiding /wp-config.php ... Do you see ... * (config) htdocs/wp-config.php ... when installing the ebuild? What is the content of /usr/share/webapps/wordpress/2.3.1/config-files
I opened a new bug to handle this regression. Please reopen this if you want to stable a new version.
