
Bug 97374

Summary: www-apps/wordpress 1.5.1.3 Multiple vulnerabilities
Product: Gentoo Security
Reporter: Peter Westwood <peter.westwood>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: superlag, web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Other   
URL: http://www.gulftech.org/?node=research&article_id=00085-06282005
Whiteboard: B1 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Peter Westwood 2005-06-29 03:49:36 UTC
"We would like to announce that WordPress 1.5.1.3 is now released as we continue the availability of a highly stable and extremely popular branch based on the 1.5 Strayhorn codebase. Development has moved on to some exciting new features for the next major release, but an important security issue was brought to our attention which required an update for our users. The problem is not yet public but you should update your blog as soon as possible to 1.5.1.3. If you are unable to upgrade in the short-term you may protect yourself by deleting the xmlrpc.php file from your WordPress directory."
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-29 04:36:31 UTC
web-apps please bump. 
Comment 2 Stuart Herbert (RETIRED) gentoo-dev 2005-06-29 04:53:51 UTC
At least they're getting their act together and making security releases now ;-)
Comment 3 Aaron Kulbe (RETIRED) gentoo-dev 2005-06-29 06:11:03 UTC
I will bump this tonight.  
Comment 4 Aaron Kulbe (RETIRED) gentoo-dev 2005-06-29 19:57:44 UTC
A little bit of miscommunication here.  The vulnerabilities were present in
1.5.1.2, and fixed in 1.5.1.3.  This includes the XML-RPC issues.  Bumping now.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-30 01:11:49 UTC
Thx Aaron, are you sure that only 1.5.1.2 was vulnerable?
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-30 02:01:51 UTC
[10:59:45] <@Koon> jaervosz: about wordpress I think versions < 1.5.1.2 are affected too
 
Closing without GLSA since Wordpress is masked. 
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2005-06-30 08:49:15 UTC
In fact wordpress is out of package.mask...
Calling arches to test and mark stable.
Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-06-30 11:39:37 UTC
Stable on ppc.
Comment 9 Jason Wever (RETIRED) gentoo-dev 2005-07-02 15:41:29 UTC
Stable on SPARC.
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-07-03 01:52:06 UTC
Still missing ppc, x86 and amd64 stable keywords.
Comment 11 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-07-03 04:55:38 UTC
Just marking it locally, but not committing it doesn't help anybody. Stable on
ppc now, finally.
Comment 12 Aaron Walker (RETIRED) gentoo-dev 2005-07-03 10:35:38 UTC
SuperLag is the current wordpress maintainer.  I'm assuming he has an x86, so
he'd probably be the best candidate.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2005-07-04 02:45:10 UTC
superlag marked x86 and amd64 stable
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2005-07-04 06:13:58 UTC
GLSA 200507-02