"We would like to announce that WordPress 1.5.1.3 is now released as we continue the availablity of a highly stable and extremely popular branch based on the 1.5 Strayhorn codebase. Development has moved on to some exciting new features for the next major release, but an important security issue was brought to our attention which required an update for our users. The problem is not yet public but you should update your blog as soon as possible to 1.5.1.3. If you are unable to do upgrade in the short-term you may protect yourself by deleting the xmlrpc.php file from your WordPress directory."
web-apps please bump.
At least they're getting their act together and making security releases now ;- )
I will bump this tonight.
A little bit of miscommunication here. The vulnerabilities were present in 1.5.1.2, and fixed in 1.5.1.3. This includes the XML-RPC issues. Bumping now.
Thx Aaron, are you sure that only 1.5.1.2 were vulnerable?
[10:59:45] <@Koon> jaervosz: about wordpress I think versions < 1.5.1.2 are affected too Closing without GLSA since Wordpress is masked.
In fact wordpress is out of package.mask... Calling arches to test and mark stable.
Stable on ppc.
Stable on SPARC.
Still missing ppc, x86 and amd64 stable keywords.
Just marking it locally, but not committing it doesn't help anybody. Stable on ppc now, finally.
SuperLag is the current wordpress maintainer. I'm assuming he has a x86, so he'd probably be the best candidate.
superlag marked x86 and amd64 stable
GLSA 200507-02