[wordpress] [DSA-1564-1] several vulnerabilities
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| wordpress (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
| Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: wordpress
References:
DSA-1564-1 (http://
Quoting:
"Several remote vulnerabilities have been discovered in wordpress,
a weblog manager. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2007-3639
Insufficient input sanitising allowed for remote attackers to
redirect visitors to external websites.
CVE-2007-4153
Multiple cross-site scripting vulnerabilities allowed remote
authenticated administrators to inject arbitrary web script or HTML.
CVE-2007-4154
SQL injection vulnerability allowed allowed remote authenticated
administrators to execute arbitrary SQL commands.
CVE-2007-0540
WordPress allows remote attackers to cause a denial of service
(bandwidth or thread consumption) via pingback service calls with
a source URI that corresponds to a file with a binary content type,
which is downloaded even though it cannot contain usable pingback data.
[no CVE name yet]
Insufficient input sanitising caused an attacker with a normal user
account to access the administrative interface."
| William Grant (wgrant) wrote | #1 |
| Changed in wordpress: | |
| status: | New → Fix Released |
| Jamie Strandboge (jdstrand) wrote | #3 |
| Changed in wordpress (Ubuntu Dapper): | |
| status: | New → Won't Fix |
All of these are already fixed.