diff -u wordpress-2.9.2/debian/changelog wordpress-2.9.2/debian/changelog --- wordpress-2.9.2/debian/changelog +++ wordpress-2.9.2/debian/changelog @@ -1,3 +1,13 @@ +wordpress (2.9.2-1ubuntu1.2) lucid-security; urgency=low + + * SECURITY UPDATE: SQL Injection vulnerability in the trackback + functions. (LP: #716641) + - debian/patches/CVE-2010-4257.patch + - CVE-2010-4257 + - http://wordpress.org/news/2010/11/wordpress-3-0-2/ + + -- Mahyuddin Susanto Sun, 13 Feb 2011 21:53:51 +0700 + wordpress (2.9.2-1ubuntu1.1) lucid-security; urgency=low * SECURITY UPDATE: fix several issues in the KSES HTML sanitization library diff -u wordpress-2.9.2/debian/patches/series wordpress-2.9.2/debian/patches/series --- wordpress-2.9.2/debian/patches/series +++ wordpress-2.9.2/debian/patches/series @@ -9,0 +10 @@ +CVE-2010-4257.patch only in patch2: unchanged: --- wordpress-2.9.2.orig/debian/patches/CVE-2010-4257.patch +++ wordpress-2.9.2/debian/patches/CVE-2010-4257.patch @@ -0,0 +1,19 @@ +# Description: SQL Injection vulnerability in the trackback functions +# Origin: http://core.trac.wordpress.org/changeset/16625 +# Bug-Ubuntu: https://launchpad.net/bugs/716641 +# Bug-Debian: http://bugs.debian.org/605603 +# Bug-Redhat: https://bugzilla.redhat.com/659265 + +Index: wordpress-2.9.2/wp-includes/comment.php +=================================================================== +--- wordpress-2.9.2.orig/wp-includes/comment.php 2011-02-11 02:08:25.439400757 +0700 ++++ wordpress-2.9.2/wp-includes/comment.php 2011-02-11 02:08:21.555669565 +0700 +@@ -1589,7 +1589,7 @@ + trackback($tb_ping, $post_title, $excerpt, $post_id); + $pinged[] = $tb_ping; + } else { +- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) ); ++ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $tb_ping, $post_id) ); + } + } + }