Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 97374 - www-apps/wordpress Multiple vulnerabilities
Summary: www-apps/wordpress Multiple vulnerabilities
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Other
: High major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [glsa] jaervosz
Depends on:
Reported: 2005-06-29 03:49 UTC by Peter Westwood
Modified: 2005-07-04 06:13 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Peter Westwood 2005-06-29 03:49:36 UTC
"We would like to announce that WordPress is now released as we continue the availablity of a highly stable and extremely popular branch based on the 1.5 Strayhorn codebase. Development has moved on to some exciting new features for the next major release, but an important security issue was brought to our attention which required an update for our users. The problem is not yet public but you should update your blog as soon as possible to If you are unable to do upgrade in the short-term you may protect yourself by deleting the xmlrpc.php file from your WordPress directory."
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-29 04:36:31 UTC
web-apps please bump. 
Comment 2 Stuart Herbert (RETIRED) gentoo-dev 2005-06-29 04:53:51 UTC
At least they're getting their act together and making security releases now ;-
Comment 3 Aaron Kulbe (RETIRED) gentoo-dev 2005-06-29 06:11:03 UTC
I will bump this tonight.  
Comment 4 Aaron Kulbe (RETIRED) gentoo-dev 2005-06-29 19:57:44 UTC
A little bit of miscommunication here.  The vulnerabilities were present in, and fixed in  This includes the XML-RPC issues.  Bumping now.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-30 01:11:49 UTC
Thx Aaron, are you sure that only were vulnerable? 
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-30 02:01:51 UTC
[10:59:45] <@Koon> jaervosz: about wordpress I think versions < are 
affected too 
Closing without GLSA since Wordpress is masked. 
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2005-06-30 08:49:15 UTC
In fact wordpress is out of package.mask...
Calling arches to test and mark stable.
Comment 8 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-06-30 11:39:37 UTC
Stable on ppc.
Comment 9 Jason Wever (RETIRED) gentoo-dev 2005-07-02 15:41:29 UTC
Stable on SPARC.
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-07-03 01:52:06 UTC
Still missing ppc, x86 and amd64 stable keywords.
Comment 11 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-07-03 04:55:38 UTC
Just marking it locally, but not committing it doesn't help anybody. Stable on
ppc now, finally.
Comment 12 Aaron Walker (RETIRED) gentoo-dev 2005-07-03 10:35:38 UTC
SuperLag is the current wordpress maintainer.  I'm assuming he has a x86, so
he'd probably be the best candidate.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2005-07-04 02:45:10 UTC
superlag marked x86 and amd64 stable
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2005-07-04 06:13:58 UTC
GLSA 200507-02