Debian Bug report logs -
#701667
CVE-2012-6112: wordpress: Google spellchecker can make requests to remote servers
Reported by: Henri Salo <henri@nerv.fi>
Date: Mon, 25 Feb 2013 21:15:01 UTC
Severity: important
Tags: security
Found in version wordpress/3.3.2+dfsg-1~squeeze1
Fixed in version 3.5.1+dfsg-1
Done: Raphael Hertzog <hertzog@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Giuseppe Iuculano <iuculano@debian.org>
:
Bug#701667
; Package wordpress
.
(Mon, 25 Feb 2013 21:15:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>
:
New Bug report received and forwarded. Copy sent to Giuseppe Iuculano <iuculano@debian.org>
.
(Mon, 25 Feb 2013 21:15:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: wordpress
Version: 3.3.2+dfsg-1~squeeze1
Severity: important
Tags: security
Hello,
http://www.tinymce.com/forum/viewtopic.php?id=30036 reports:
This version includes an important security upgrade where it's possible to use
the Google spellchecker logic to make requests to remote servers. We strongly
recommend people to upgrade if they are using the PHP spellchecker with the
Google spellchecker engine enabled.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6112
https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
/usr/share/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
Haven't reproduced this issue, but I did check source code. Please ask if you
need help.
--
Henri Salo
-- System Information:
Debian Release: 6.0.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages wordpress depends on:
ii apache2 2.2.16-6+squeeze10 Apache HTTP Server metapackage
ii apache2-mpm-prefork [ 2.2.16-6+squeeze10 Apache HTTP Server - traditional n
ii libapache2-mod-php5 5.3.3-7+squeeze14 server-side, HTML-embedded scripti
ii libjs-cropper 1.2.1-2 JavaScript image cropper UI
ii libjs-prototype 1.6.1-1 JavaScript Framework for dynamic w
ii libjs-scriptaculous 1.8.3-1 JavaScript library for dynamic web
ii libphp-phpmailer 5.1-1 full featured email transfer class
ii libphp-snoopy 1.2.4-2 Snoopy is a PHP class that simulat
ii mysql-client-5.1 [mys 5.1.66-0+squeeze1 MySQL database client binaries
ii php5 5.3.3-7+squeeze14 server-side, HTML-embedded scripti
ii php5-gd 5.3.3-7+squeeze14 GD module for php5
ii php5-mysql 5.3.3-7+squeeze14 MySQL module for php5
Versions of packages wordpress recommends:
ii wordpress-l10n 3.3.2+dfsg-1~squeeze1 weblog manager - language files
Versions of packages wordpress suggests:
pn mysql-server <none> (no description available)
-- no debconf information
Reply sent
to Raphael Hertzog <hertzog@debian.org>
:
You have taken responsibility.
(Tue, 26 Feb 2013 07:21:04 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>
:
Bug acknowledged by developer.
(Tue, 26 Feb 2013 07:21:04 GMT) (full text, mbox, link).
Message #10 received at 701667-done@bugs.debian.org (full text, mbox, reply):
Version: 3.5.1+dfsg-1
On Mon, 25 Feb 2013, Henri Salo wrote:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6112
> https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
> /usr/share/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
>
> Haven't reproduced this issue, but I did check source code. Please ask if you
> need help.
The sid version (3.5.1+dfsg-2) has the fix already. For the stable
version, there are other more important security issues that are still
not solved.
It would be nice to get 3.5.1+dfsg-2 migrated to wheezy though.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Tue, 26 Mar 2013 07:30:06 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:21:47 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.