Bug 202071 - www-apps/wordpress < 2.3.2 SQL injection vulnerability (CVE-2007-6318)
Bug#: 202071 (CVE-2007-6318) Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: trivial Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: lars@chaotika.org
Component: Vulnerabilities
URL:  http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt
Summary: www-apps/wordpress < 2.3.2 SQL injection vulnerability (CVE-2007-6318)
Keywords:  
Status Whiteboard: ~3 [noglsa]
Opened: 2007-12-12 18:23 0000
Description:   Opened: 2007-12-12 18:23 0000 
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and
earlier allows remote attackers to execute arbitrary SQL commands via the s
parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other
character set encodings that support a "\" in a multibyte character.

Reproducible: Always

------- Comment #1 From Robert Buchholz 2007-12-13 01:28:03 0000 ------- 
Feel free to cc maintainers and set a whiteboard as proposal yourself ;-)

------- Comment #2 From Robert Buchholz 2007-12-13 01:28:21 0000 ------- 
web-apps, please advise.

------- Comment #3 From Gunnar Wrobel 2007-12-13 06:23:34 0000 ------- 
No patch available and I don't see a chance at fixing it myself. Should we mask
it again?

------- Comment #4 From Tomas Hoger 2007-12-13 07:50:31 0000 ------- 
Upstream bug: http://trac.wordpress.org/ticket/5455

------- Comment #5 From Robert Buchholz 2007-12-13 12:22:05 0000 ------- 
(In reply to comment #3)
> No patch available and I don't see a chance at fixing it myself. Should we mask
> it again? 

No need to jump to a mask if we can fix it within target delay, which is 40
days for ~X. Let's give the Wordpress folks some days.

------- Comment #6 From Gunnar Wrobel 2008-01-08 06:30:26 0000 ------- 
Added 2.3.2 to the tree. All archs unstable. Removed insecure versions. webapps
done here.