Comment 5 for bug 269301

This bug was fixed in the package wordpress - 2.5.1-8ubuntu1

---------------
wordpress (2.5.1-8ubuntu1) intrepid; urgency=low

  * Merge from debian unstable, remaining changes:
   + debian/apache.conf:
    - Changed to use /var/www instead of /srv/www for virtual webroot.
   + debian/setup-mysql:
    - Changed to use /var/www instead of /srv/www.
   + debian/patches/010_remove_update_notice.patch:
    - Removed Wordpress upgrade notify in admin dashboard.
  * Drop debian/patches/008CVE2008-3747.patch as we don't support SSL
    in our version we don't need it. (See LP: #269301)

wordpress (2.5.1-8) unstable; urgency=high

  * Added 009CVE2008-4106 patch. (Closes: #500115)
    Whitespaces in user name are now checked during login.
    It's not possible to register an "admin(n-whitespaces)" user anymore
    to gain unauthorized access to the admin panel.

wordpress (2.5.1-7) unstable; urgency=high

  * Modified CVE2008-3747 patch. (Closes: #497524)
    The old patch made the package completely unusable. The new
    one should solve the issue. (Thanks to Del Gurt)

wordpress (2.5.1-6) unstable; urgency=high

  * Added patch to fix remote attack vulnerability (Closes: #497216)
   Attackers could gain administrative powers by sniffing cookies.
   This patch force wordpress over a ssl connection to prevent
   this issue. (CVE-2008-3747)

 -- Stefan Ebner <email address hidden> Thu, 02 Oct 2008 22:24:20 +0200