Bug 634832 (CVE-2012-6707) - <www-apps/wordpress-4.8.2: Information Leak (CVE-2012-6707)
Summary: <www-apps/wordpress-4.8.2: Information Leak (CVE-2012-6707)
Status: RESOLVED FIXED
Alias: CVE-2012-6707
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Low trivial
Assignee: Gentoo Security
URL: https://core.trac.wordpress.org/ticke...
Whiteboard: ~4 [noglsa cve]
Reported: 2017-10-19 23:10 UTC by D'juan McDonald (domhnall)
Modified: 2017-11-27 17:46 UTC
Description D'juan McDonald (domhnall) 2017-10-19 23:10:23 UTC
CVE-2012-6707 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6707):

WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.


@maintainer(s), in case of bump, please call for stabilization, thank you.

Gentoo Security Padawan
Daj Uan (jmbailey)
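
An added example, not part of the bug report or of WordPress itself: a small audit that flags MD5-based entries among stored password hashes so the affected accounts can be rehashed or reset. It assumes the phpass "portable" `$P$` layout (one cost character, 8 salt characters, 22 hash characters) and the bare 32-hex MD5 form accepted from very old installs; neither format detail is stated on this page, and the sample rows are constructed.

```python
import re

# phpass "portable" alphabet. The character right after "$P$" indexes into it
# and gives log2 of the number of MD5 rounds applied to salt + password.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
PORTABLE = re.compile(r"^\$P\$([./0-9A-Za-z])[./0-9A-Za-z]{8}[./0-9A-Za-z]{22}$")
BARE_MD5 = re.compile(r"^[0-9a-f]{32}$")
BCRYPT = re.compile(r"^\$2[abxy]\$\d\d\$")


def classify(stored):
    """Return (scheme, md5_rounds, weak) for one stored hash string."""
    m = PORTABLE.match(stored)
    if m:
        return ("phpass-portable-md5", 1 << ITOA64.index(m.group(1)), True)
    if BARE_MD5.match(stored):
        return ("unsalted-md5", 1, True)
    if BCRYPT.match(stored):
        return ("bcrypt", None, False)
    # Anything else is reported as unknown rather than guessed at.
    return ("unknown", None, None)


def audit(rows):
    """rows: iterable of (login, stored_hash). Return the MD5-based entries."""
    findings = []
    for login, stored in rows:
        scheme, rounds, weak = classify(stored)
        if weak:
            findings.append((login, scheme, rounds))
    return findings


# Constructed sample rows: the hash bodies are filler, not digests of real passwords.
SAMPLE = [
    ("admin", "$P$B" + "abcdefgh" + "A" * 22),
    ("legacy", "0" * 32),
    ("editor", "$2y$10$" + "a" * 53),
]

if __name__ == "__main__":
    for login, scheme, rounds in audit(SAMPLE):
        print(f"{login}: {scheme}, {rounds} MD5 round(s), needs rehash")
```

The cost character `B` decodes to 2^13 MD5 rounds, which is cheap to compute and is why the scheme is considered weak.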
Comment 1 Anthony Basile gentoo-dev 2017-11-27 14:37:16 UTC
I've removed all <= 4.8.2.  No stabilization needed.
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-27 16:07:06 UTC
      |                                 |   u       |  
      | a a         p   a     n r     s |   n       |  
      | l m   h i   p   r m m i i s   p | e u s     | r
      | p d a p a p c x m i 6 o s 3   a | a s l     | e
      | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o     | p
      | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t     | o
------+---------------------------------+-----------+-------
  4.8 | o ~ ~ ~ o ~ ~ ~ o o o o o o o ~ | 6 o 4.8   | gentoo

still in tree, maybe a commit?

Thanks
Comment 3 Anthony Basile gentoo-dev 2017-11-27 16:22:47 UTC
(In reply to Christopher Díaz Riveros from comment #2)
>       |                                 |   u       |  
>       | a a         p   a     n r     s |   n       |  
>       | l m   h i   p   r m m i i s   p | e u s     | r
>       | p d a p a p c x m i 6 o s 3   a | a s l     | e
>       | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o     | p
>       | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t     | o
> ------+---------------------------------+-----------+-------
>   4.8 | o ~ ~ ~ o ~ ~ ~ o o o o o o o ~ | 6 o 4.8   | gentoo
> 
> still in tree, maybe a commit?
> 
> Thanks

Sorry, I messed that one.  It should be fixed now.