wordpress: new upstream: 2.0.6

Related Vulnerabilities: CVE-2006-6808   CVE-2007-0106   CVE-2007-0107  

Debian Bug report logs - #405691

Reported by: Kees Cook <kees@outflux.net>

Date: Fri, 5 Jan 2007 17:18:21 UTC

Severity: grave

Tags: security

Found in version wordpress/2.0.5-0.1

Fixed in version wordpress/2.0.6-1

Done: Kai Hendry <hendry@iki.fi>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Kai Hendry <hendry@iki.fi>:
Bug#405691; Package wordpress.


Acknowledgement sent to Kees Cook <kees@outflux.net>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Kai Hendry <hendry@iki.fi>.


Message #5 received at submit@bugs.debian.org:

From: Kees Cook <kees@outflux.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wordpress: new upstream: 2.0.6
Date: Fri, 05 Jan 2007 08:47:23 -0800
Package: wordpress
Version: 2.0.5-0.1
Severity: normal
Tags: security

The latest version of wordpress (2.0.6) fixes several security issues, 
including the recently announced XSS[1] and SQL Injection[2] 
vulnerabilities.

Thanks!

[1] http://www.hardened-php.net/advisory_012007.140.html
[2] http://www.hardened-php.net/advisory_022007.141.html

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages wordpress depends on:
ii  apache [httpd]                1.3.34-4   versatile, high-performance HTTP s
ii  apache2-mpm-prefork [httpd]   2.2.3-3.2  Traditional model for Apache HTTPD
ii  mysql-client-4.1 [virtual-mys 4.1.15-1   mysql database client binaries
ii  php5                          5.2.0-8    server-side, HTML-embedded scripti
ii  php5-mysql                    5.2.0-8    MySQL module for php5

wordpress recommends no packages.

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#405691; Package wordpress.


Acknowledgement sent to hendry@iki.fi:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>.


Message #10 received at 405691@bugs.debian.org:

From: "Kai Hendry" <kai.hendry@gmail.com>
To: 405691@bugs.debian.org, 405299@bugs.debian.org, "Fabio Tranchitella" <kobold@debian.org>
Subject: Re: Bug#405691: wordpress: new upstream: 2.0.6
Date: Sat, 6 Jan 2007 12:37:58 +0100
Yesterday I prepared a new package quickly. I have just moved to
Berlin and I have poor access to the Internet. :(

I've asked my sponsor Fabio to upload, though everyone please test
this package as I couldn't. Also anyone know the CAN/CVE for this
security issue?

http://hendry.iki.fi/debian/unstable/wordpress_2.0.6-1_i386.changes

/me hops this silly windows machine with USB internet that can't be shared



Severity set to `grave' from `normal'. Request was from zobel@ftbfs.de (Martin Zobel-Helas) to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#405691; Package wordpress.


Acknowledgement sent to Martin Zobel-Helas <zobel@ftbfs.de>:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>.


Message #17 received at 405691@bugs.debian.org:

From: Martin Zobel-Helas <zobel@ftbfs.de>
To: 405691@bugs.debian.org
Subject: CVE Ids requested, offering sponsoring
Date: Sat, 6 Jan 2007 21:47:12 +0100
Hi Kai,

I just requested 2 CVE Ids at MITRE, let's hope I get them soon.
Also, if you need that package sponsored soon, please contact me, I
would be willing to help, if your sponsor is too busy.

Greetings
Martin

-- 
[root@debian /root]# man real-life
No manual entry for real-life




Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#405691; Package wordpress.


Acknowledgement sent to hendry@iki.fi:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>.


Message #22 received at 405691@bugs.debian.org:

From: "Kai Hendry" <kai.hendry@gmail.com>
To: "Martin Zobel-Helas" <zobel@ftbfs.de>, 405691@bugs.debian.org
Cc: "Fabio Tranchitella" <kobold@debian.org>
Subject: Re: Bug#405691: CVE Ids requested, offering sponsoring
Date: Sun, 7 Jan 2007 12:08:05 +0100
I have not heard from Fabio so please sponsor the package or NMU.

Best wishes from Berlin,



Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#405691; Package wordpress.


Acknowledgement sent to Fabio Tranchitella <kobold@kobold.it>:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>.


Message #27 received at 405691@bugs.debian.org:

From: Fabio Tranchitella <kobold@kobold.it>
To: hendry@iki.fi
Cc: Martin Zobel-Helas <zobel@ftbfs.de>, 405691@bugs.debian.org
Subject: Re: Bug#405691: CVE Ids requested, offering sponsoring
Date: Sun, 7 Jan 2007 13:20:04 +0100
* 2007-01-07 12:08, Kai Hendry wrote:
> I have not heard from Fabio so please sponsor the package or NMU.

Hi!

Sorry, I've forgotten to reply to your e-mail! I am in contact with the
RMs, and I'll handle the NMU if they'll give me the permission.

Take care,

-- 
Fabio Tranchitella                         http://www.kobold.it
Free Software Developer and Consultant     http://www.tranchitella.it
_____________________________________________________________________
1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564

Reply sent to Kai Hendry <hendry@iki.fi>:
You have taken responsibility.


Notification sent to Kees Cook <kees@outflux.net>:
Bug acknowledged by developer.


Message #32 received at 405691-close@bugs.debian.org:

From: Kai Hendry <hendry@iki.fi>
To: 405691-close@bugs.debian.org
Subject: Bug#405691: fixed in wordpress 2.0.6-1
Date: Mon, 08 Jan 2007 09:02:05 +0000
Source: wordpress
Source-Version: 2.0.6-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:

wordpress_2.0.6-1.diff.gz
  to pool/main/w/wordpress/wordpress_2.0.6-1.diff.gz
wordpress_2.0.6-1.dsc
  to pool/main/w/wordpress/wordpress_2.0.6-1.dsc
wordpress_2.0.6-1_all.deb
  to pool/main/w/wordpress/wordpress_2.0.6-1_all.deb
wordpress_2.0.6.orig.tar.gz
  to pool/main/w/wordpress/wordpress_2.0.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 405691@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kai Hendry <hendry@iki.fi> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.7
Date: Fri,  5 Jan 2007 14:04:56 +0000
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.0.6-1
Distribution: unstable
Urgency: high
Maintainer: Kai Hendry <hendry@iki.fi>
Changed-By: Kai Hendry <hendry@iki.fi>
Description: 
 wordpress  - an award winning weblog manager
Closes: 405299 405691
Changes: 
 wordpress (2.0.6-1) unstable; urgency=high
 .
   * New upstream release
   * Security fix, urgency high.
   * FrSIRT/ADV-2006-5191, CVE-2006-6808: WordPress "get_file_description()"
     Function Client-Side Cross Site Scripting Vulnerability.
     (Closes: #405299, #405691)
Files: 
 46850a512b12d5aa7209837945b2e597 558 web optional wordpress_2.0.6-1.dsc
 ebe00cee610065bc576bb38db18c792c 518012 web optional wordpress_2.0.6.orig.tar.gz
 577384ff03e82a9941c8145040df4fe7 8076 web optional wordpress_2.0.6-1.diff.gz
 bbc3e04ae707f2ec4e4e5fdc2719e5e0 519880 web optional wordpress_2.0.6-1_all.deb





Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#405691; Package wordpress.


Acknowledgement sent to Martin Zobel-Helas <zobel@ftbfs.de>:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>.


Message #37 received at 405691@bugs.debian.org:

From: Martin Zobel-Helas <zobel@ftbfs.de>
To: 405691@bugs.debian.org
Subject: Re: Bug#405691: Info received (CVE Ids requested, offering sponsoring)
Date: Tue, 9 Jan 2007 07:54:35 +0100
======================================================
Name: CVE-2007-0106
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0106
Reference: BUGTRAQ:20070105 Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456048/100/0/threaded
Reference: MISC:http://www.hardened-php.net/advisory_012007.140.html
Reference: CONFIRM:http://wordpress.org/development/2007/01/wordpress-206/
Reference: BID:21893
Reference: URL:http://www.securityfocus.com/bid/21893
Reference: FRSIRT:ADV-2007-0061
Reference: URL:http://www.frsirt.com/english/advisories/2007/0061
Reference: SECUNIA:23595
Reference: URL:http://secunia.com/advisories/23595

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme
in WordPress before 2.0.6 allows remote attackers to inject arbitrary
web script or HTML via a CSRF attack with an invalid token and quote
characters or HTML tags in URL variable names, which are not properly
handled when WordPress generates a new link to verify the request.


======================================================
Name: CVE-2007-0107
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0107
Reference: BUGTRAQ:20070105 Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456049/100/0/threaded
Reference: MISC:http://www.hardened-php.net/advisory_022007.141.html
Reference: CONFIRM:http://wordpress.org/development/2007/01/wordpress-206/
Reference: BID:21907
Reference: URL:http://www.securityfocus.com/bid/21907
Reference: FRSIRT:ADV-2007-0061
Reference: URL:http://www.frsirt.com/english/advisories/2007/0061
Reference: SECUNIA:23595
Reference: URL:http://secunia.com/advisories/23595

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes
alternate character sets after escaping the SQL query, which allows
remote attackers to bypass SQL injection protection schemes and
execute arbitrary SQL commands via multibyte charsets, as demonstrated
using UTF-7.
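The ordering bug that CVE-2007-0107 describes (escape for SQL first, convert from the sender's declared charset second) as an added illustration; this is not code from the bug log or from WordPress, and escape_sql, decode_charset and the sample string are constructed stand-ins for a mysql-style escape, the charset conversion step, and a trackback field. It shows why the escape step must run on text already in the charset the query will be sent in.

```python
# Added illustration of the CVE-2007-0107 ordering bug: escaping a string
# for SQL and only then converting it from the charset the sender declared
# lets an encoded quote reappear after the escape step. All names here are
# constructed stand-ins, not WordPress code.

def escape_sql(value: str) -> str:
    """Minimal mysql-style escape (assumption): backslash-escape \\ and '."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def decode_charset(value: str, charset: str) -> str:
    """Convert text received in the declared charset to the working charset.

    Trackback fields arrive as bytes; the constructed samples are ASCII-safe,
    so they round-trip through bytes here."""
    return value.encode("ascii").decode(charset)

def prepare_vulnerable(value: str, charset: str) -> str:
    """Order the CVE text describes for WordPress before 2.0.6: escape, then decode."""
    return decode_charset(escape_sql(value), charset)

def prepare_fixed(value: str, charset: str) -> str:
    """Decode to the working charset first, then escape what will be queried."""
    return escape_sql(decode_charset(value, charset))

def unescaped_quotes(value: str) -> int:
    """Count single quotes not protected by an odd run of backslashes."""
    count = backslashes = 0
    for ch in value:
        if ch == "\\":
            backslashes += 1
            continue
        if ch == "'" and backslashes % 2 == 0:
            count += 1
        backslashes = 0
    return count

# Constructed sample: in UTF-7, "+ACc-" is the apostrophe (U+0027), so the
# raw bytes contain no quote character for escape_sql() to see.
SAMPLE_UTF7 = "Tim O+ACc-Reilly"

if __name__ == "__main__":
    for name, prep in (("escape-then-decode", prepare_vulnerable),
                       ("decode-then-escape", prepare_fixed)):
        out = prep(SAMPLE_UTF7, "utf-7")
        print(f"{name}: {out!r} unescaped quotes={unescaped_quotes(out)}")
```

The same mismatch arises with any transcoding that happens after escaping, including a database connection whose charset differs from the one the escape routine assumed.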




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Jun 2007 03:50:26 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:35:09 2019; Machine Name: buxtehude
