CVE-2006-4208: Directory traversal vulnerability in WP-DB-Backup plugin for WordPress

Related Vulnerabilities: CVE-2006-4208  

Debian Bug report logs - #384800


Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Sat, 26 Aug 2006 20:34:06 UTC

Severity: minor

Tags: patch, security

Fixed in version wordpress/2.0.5-0.1

Done: Fabio Tranchitella <kobold@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Kai Hendry <hendry@iki.fi>:
Bug#384800; Package wordpress.


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Kai Hendry <hendry@iki.fi>.


Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-4208: Directory traversal vulnerability in WP-DB-Backup plugin for WordPress
Date: Sat, 26 Aug 2006 22:09:20 +0200
Package: wordpress
Severity: normal
Tags: security patch


A directory traversal vulnerability has been found in the WP-DB-Backup plugin
for WordPress which is included in the wordpress package.


CVE-2006-4208:
Directory traversal vulnerability in wp-db-backup.php in Skippy
WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote
authenticated users with administrative privileges to read arbitrary
files via a .. (dot dot) in the backup parameter to edit.php.

For more information and a patch, see
http://secunia.com/advisories/21486

Please mention the CVE-id in the changelog.
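
One way to keep a file-name parameter such as `backup` confined to the backup directory, as an added example (not part of this bug report and not the plugin's or upstream's fix). The function name, directory layout and sample file names are hypothetical.

```php
<?php
// Added example, not WP-DB-Backup code. The function name, directory layout
// and file names below are constructed for illustration.

/**
 * Map a user-supplied backup file name to a file directly inside $backupDir.
 * Returns the canonical path, or null when the name must be rejected.
 */
function resolve_backup_file(string $backupDir, string $requested): ?string
{
    // A backup name is a single path component: no separators, no NUL byte,
    // and not the special "." or ".." entries.
    if ($requested === '' || $requested === '.' || $requested === '..'
        || strpbrk($requested, "/\\") !== false
        || strpos($requested, "\0") !== false) {
        return null;
    }

    $base = realpath($backupDir);
    if ($base === false) {
        return null;
    }

    // Canonicalise the candidate (this also resolves symlinks), then require
    // that it is a regular file whose parent is exactly the backup directory.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path) || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Constructed demo: one dump inside the backup directory, one file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wpdb_demo_' . getmypid();
$dir  = $root . DIRECTORY_SEPARATOR . 'backup';
mkdir($dir, 0700, true);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'blog_20060826.sql', "-- dump\n");
file_put_contents($root . DIRECTORY_SEPARATOR . 'outside.txt', "not a backup\n");

foreach (['blog_20060826.sql', '../outside.txt', '..', 'missing.sql'] as $name) {
    $ok = resolve_backup_file($dir, $name) !== null;
    printf("%-18s => %s\n", $name, $ok ? 'served' : 'rejected');
}

// Clean up the demo files.
unlink($dir . DIRECTORY_SEPARATOR . 'blog_20060826.sql');
unlink($root . DIRECTORY_SEPARATOR . 'outside.txt');
rmdir($dir);
rmdir($root);
```

The early component check rejects traversal names before any filesystem access; the `realpath()` comparison additionally covers symlinks placed inside the backup directory.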



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#384800; Package wordpress.


Message #8 received at 384800@bugs.debian.org:

From: Kai Hendry <hendry@iki.fi>
To: 384800@bugs.debian.org
Subject: minor
Date: Sat, 26 Aug 2006 22:56:08 +0100

This is a pretty minor problem if an administrator is allowed to
traverse the filesystem.

I'm waiting to hear back from upstream on this.



Severity set to `minor' from `normal'. Request was from "Kai Hendry" <kai.hendry@gmail.com> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#384800; Package wordpress.


Acknowledgement sent to Jan Wagner <waja@cyconet.org>:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>.


Message #15 received at 384800@bugs.debian.org:

From: Jan Wagner <waja@cyconet.org>
To: 384800@bugs.debian.org
Subject: Re: minor
Date: Mon, 30 Oct 2006 22:46:32 +0100

On Saturday 26 August 2006 23:56, Kai Hendry wrote:
> This is a pretty minor problem if an administrator is allowed to
> traverse the filesystem.
>
> I'm waiting to hear back from upstream on this.

<hint>New upstream release 2.0.5 2 days ago.</hint>

With kind regards, Jan.

Reply sent to Fabio Tranchitella <kobold@debian.org>:
You have taken responsibility.


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.


Message #20 received at 384800-close@bugs.debian.org:

From: Fabio Tranchitella <kobold@debian.org>
To: 384800-close@bugs.debian.org
Subject: Bug#384800: fixed in wordpress 2.0.5-0.1
Date: Fri, 03 Nov 2006 06:32:32 -0800

Source: wordpress
Source-Version: 2.0.5-0.1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:

wordpress_2.0.5-0.1.diff.gz
  to pool/main/w/wordpress/wordpress_2.0.5-0.1.diff.gz
wordpress_2.0.5-0.1.dsc
  to pool/main/w/wordpress/wordpress_2.0.5-0.1.dsc
wordpress_2.0.5-0.1_all.deb
  to pool/main/w/wordpress/wordpress_2.0.5-0.1_all.deb
wordpress_2.0.5.orig.tar.gz
  to pool/main/w/wordpress/wordpress_2.0.5.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 384800@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fabio Tranchitella <kobold@debian.org> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Fri,  3 Nov 2006 15:12:06 +0100
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.0.5-0.1
Distribution: unstable
Urgency: medium
Maintainer: Kai Hendry <hendry@iki.fi>
Changed-By: Fabio Tranchitella <kobold@debian.org>
Description: 
 wordpress  - an award winning weblog manager
Closes: 382283 384800
Changes: 
 wordpress (2.0.5-0.1) unstable; urgency=medium
 .
   * NMU on maintainer's request.
   * Security fix, urgency medium.
   * readme.html: s/license.txt/copyright/. (Closes: #382283)
   * New upstream release, which fixes:
     - CVE-2006-4208: Directory traversal vulnerability in WP-DB-Backup
       plugin for WordPress. (Closes: #384800)
Files: 
 f9fc8838e99048ed28ce4daabf87834f 562 web optional wordpress_2.0.5-0.1.dsc
 f16ffc47e22ba3540a1e4f32354fae0e 517574 web optional wordpress_2.0.5.orig.tar.gz
 60d7dc18ad74812f3173064f9deab248 7993 web optional wordpress_2.0.5-0.1.diff.gz
 b81b4cbd4fa324daed0041aaf8bd8cbf 519130 web optional wordpress_2.0.5-0.1_all.deb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 07:57:52 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:35:58 2019; Machine Name: buxtehude
