[OpenPKG-SA-2006.027] OpenPKG Security Advisory (wordpress)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [OpenPKG-SA-2006.027] OpenPKG Security Advisory (wordpress)
From: OpenPKG <openpkg@xxxxxxxxxxx>
Date: Mon, 30 Oct 2006 15:20:41 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: The OpenPKG Project, http://www.openpkg.org/
Reply-to: openpkg@xxxxxxxxxxx
User-agent: Mutt/1.5.11 OpenPKG/2-STABLE

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                                   OpenPKG GmbH
http://www.openpkg.org/security/                      http://openpkg.com
OpenPKG-SA-2006.027                                           2006-10-30
________________________________________________________________________

Package:          wordpress
Vulnerability:    multiple vulnerability
OpenPKG Specific: no

Affected Series:  Affected Packages:            Corrected Packages:
E1.0-SOLID        n.a.                          >= wordpress-2.0.5-E1.0.0
2-STABLE-20061018 <= wordpress-2.0.4-2.20061018 >= wordpress-2.0.5-2.20061030
2-STABLE          <= wordpress-2.0.4-2.20061018 >= wordpress-2.0.5-2.20061030
CURRENT           <= wordpress-2.0.4-20061013   >= wordpress-2.0.5-20061029

Description:
  According to a vendor release announcement [0], security issues exist
  in the personal publishing platform WordPress [1]. The "wp-db-backup"
  plugin accepts filenames which could be used to access security
  sensitive files.
________________________________________________________________________

References:
  [0] http://markjaquith.wordpress.com/2006/10/17/changes-in-wordpress-205/ 
  [1] http://www.wordpress.org/
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@xxxxxxxxxxx>" (ID 63C4CB9F) which
you can retrieve from http://www.openpkg.org/openpkg.pgp. Follow the
instructions on http://www.openpkg.org/security/signatures/ for details
on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@xxxxxxxxxxx>

iD8DBQFFRgoggHWT4GPEy58RAhgJAKCzcVAVbwWYRUeti/j308yXG5C07QCfc5Y+
YH/v7OV2So4F6KTzLyHEe6M=
=KVci
-----END PGP SIGNATURE-----

Prev by Date: [SECURITY] [DSA 1200-1] New Qt packages fix integer overflow
Next by Date: Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability
Previous by thread: [SECURITY] [DSA 1200-1] New Qt packages fix integer overflow
Next by thread: Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability
Index(es):
- Date
- Thread