| Summary: | <www-apps/wordpress-3.0.1 Prototype JavaScript framework Cross-Site AJAX requests issue (CVE-2008-7220) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | web-apps |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://github.com/sstephenson/prototype/blob/master/CHANGELOG | ||
| Whiteboard: | ~4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 284874 | ||
|
Description
Alex Legler (RETIRED)
2009-09-14 09:32:11 UTC
(In reply to comment #0) > WordPress 2.8.4 has 1.6.0 twice in: > ./wp-includes/js/scriptaculous/prototype.js > ./wp-includes/js/prototype.js > December 2009: The same is true for the latest Wordpress 2.8.6 (from the unmasked,unpacked 2.8.6 ebuild). It has the 1.6.0 Prototype: Prototype JavaScript framework, version 1.6.0 * (c) 2005-2007 The latest available prototype is 1.6.1.; don't know if it'll work in any version of Wordpress. There is Wordpress ticket 11041, to update its Prototype. The update is marked for inclusion at milestone Wordpress 3.0: http://core.trac.wordpress.org/ticket/11041 This means that there will probably a Wordpress version 2.9 released with the old Prototype 1.6.0. (In reply to comment #1) > This means that there will probably a Wordpress version 2.9 released with the > old Prototype 1.6.0. Confirmed, 2.9 still has 1.6.0 wordpress 3.0.1 has prototype 1.6.1. Closing noglsa. |