First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 97374
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Peter Westwood <peter.westwood@ftwr.co.uk>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 97374 depends on: Show dependency tree
Bug 97374 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-06-29 03:49 0000 
"We would like to announce that WordPress 1.5.1.3 is now released as we
continue the availablity of a highly stable and extremely popular branch based
on the 1.5 Strayhorn codebase. Development has moved on to some exciting new
features for the next major release, but an important security issue was
brought to our attention which required an update for our users. The problem is
not yet public but you should update your blog as soon as possible to 1.5.1.3.
If you are unable to do upgrade in the short-term you may protect yourself by
deleting the xmlrpc.php file from your WordPress directory."

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-06-29 04:36:31 0000 ------- 
web-apps please bump.

------- Comment #2 From Stuart Herbert (RETIRED) 2005-06-29 04:53:51 0000 ------- 
At least they're getting their act together and making security releases now ;-
)

------- Comment #3 From Aaron Kulbe (RETIRED) 2005-06-29 06:11:03 0000 ------- 
I will bump this tonight.

------- Comment #4 From Aaron Kulbe (RETIRED) 2005-06-29 19:57:44 0000 ------- 
A little bit of miscommunication here.  The vulnerabilities were present in
1.5.1.2, and fixed in 1.5.1.3.  This includes the XML-RPC issues.  Bumping now.

------- Comment #5 From Sune Kloppenborg Jeppesen 2005-06-30 01:11:49 0000 ------- 
Thx Aaron, are you sure that only 1.5.1.2 were vulnerable?

------- Comment #6 From Sune Kloppenborg Jeppesen 2005-06-30 02:01:51 0000 ------- 
[10:59:45] <@Koon> jaervosz: about wordpress I think versions < 1.5.1.2 are 
affected too 
 
Closing without GLSA since Wordpress is masked.

------- Comment #7 From Thierry Carrez (RETIRED) 2005-06-30 08:49:15 0000 ------- 
In fact wordpress is out of package.mask...
Calling arches to test and mark stable.

------- Comment #8 From Michael Hanselmann (hansmi) (RETIRED) 2005-06-30 11:39:37 0000 ------- 
Stable on ppc.

------- Comment #9 From Jason Wever (RETIRED) 2005-07-02 15:41:29 0000 ------- 
Stable on SPARC.

------- Comment #10 From Thierry Carrez (RETIRED) 2005-07-03 01:52:06 0000 ------- 
Still missing ppc, x86 and amd64 stable keywords.

------- Comment #11 From Michael Hanselmann (hansmi) (RETIRED) 2005-07-03 04:55:38 0000 ------- 
Just marking it locally, but not committing it doesn't help anybody. Stable on
ppc now, finally.

------- Comment #12 From Aaron Walker (RETIRED) 2005-07-03 10:35:38 0000 ------- 
SuperLag is the current wordpress maintainer.  I'm assuming he has a x86, so
he'd probably be the best candidate.

------- Comment #13 From Thierry Carrez (RETIRED) 2005-07-04 02:45:10 0000 ------- 
superlag marked x86 and amd64 stable

------- Comment #14 From Thierry Carrez (RETIRED) 2005-07-04 06:13:58 0000 ------- 
GLSA 200507-02
First Last Prev Next    No search results available      Search page      Enter new bug