Summary: | <www-apps/wordpress-3.5.2 : Password Protected Posts Denial of Service Vulnerability (CVE-2013-2173) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | laurent, tampakrap, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/53676/ | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-06-11 18:22:45 UTC
(In reply to Agostino Sarubbo from comment #0) > @maintainer(s): after the bump, in case we need to stabilize the package, > please say explicitly if it is ready for the stabilization or not. wordpress doesn't have any stable keywords and we don't plan to add any *** Bug 474122 has been marked as a duplicate of this bug. *** *wordpress-3.5.2 (22 Jun 2013) 22 Jun 2013; Tim Harder <radhermit@gentoo.org> +wordpress-3.5.2.ebuild: Version bump, expand CMS acronym in DESCRIPTION (bug #474030). Closing as noglsa CVE-2013-2173 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2173): wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie. |