Home / vulnerabilitiesPDF  

OpenPKG-SA-2006.027.txt

Posted on 31 October 2006
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory OpenPKG GmbH
http://www.openpkg.org/security/ http://openpkg.com
OpenPKG-SA-2006.027 2006-10-30
________________________________________________________________________

Package: wordpress
Vulnerability: multiple vulnerability
OpenPKG Specific: no

Affected Series: Affected Packages: Corrected Packages:
E1.0-SOLID n.a. >= wordpress-2.0.5-E1.0.0
2-STABLE-20061018 <= wordpress-2.0.4-2.20061018 >= wordpress-2.0.5-2.20061030
2-STABLE <= wordpress-2.0.4-2.20061018 >= wordpress-2.0.5-2.20061030
CURRENT <= wordpress-2.0.4-20061013 >= wordpress-2.0.5-20061029

Description:
According to a vendor release announcement [0], security issues exist
in the personal publishing platform WordPress [1]. The "wp-db-backup"
plugin accepts filenames which could be used to access security
sensitive files.
________________________________________________________________________

References:
[0] http://markjaquith.wordpress.com/2006/10/17/changes-in-wordpress-205/
[1] http://www.wordpress.org/
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) which
you can retrieve from http://www.openpkg.org/openpkg.pgp. Follow the
instructions on http://www.openpkg.org/security/signatures/ for details
on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@openpkg.org>

iD8DBQFFRgoggHWT4GPEy58RAhgJAKCzcVAVbwWYRUeti/j308yXG5C07QCfc5Y+
YH/v7OV2So4F6KTzLyHEe6M=
=KVci
-----END PGP SIGNATURE-----

 

TOP