diff -Nru wordpress-2.1.3/debian/changelog wordpress-2.1.3/debian/changelog
--- wordpress-2.1.3/debian/changelog	2008-01-11 05:31:29.000000000 +0100
+++ wordpress-2.1.3/debian/changelog	2008-01-11 05:31:29.000000000 +0100
@@ -1,3 +1,10 @@
+wordpress (2.1.3-1ubuntu2) feisty-security; urgency=low
+
+  * SECURITY UPDATE: SQL injection vulnerability in wp-includes/query.php
+    CVE-2007-6318 (LP: #181416)
+
+ -- Emanuele Gentili <emgent@emanuele-gentili.com>  Fri, 11 Jan 2008 05:21:44 +0100
+
 wordpress (2.1.3-1ubuntu1) feisty; urgency=low
 
   * Merge from Debian unstable. Remaining changes:
diff -Nru wordpress-2.1.3/wp-admin/admin.php wordpress-2.1.3/wp-admin/admin.php
--- wordpress-2.1.3/wp-admin/admin.php	2006-12-13 20:21:09.000000000 +0100
+++ wordpress-2.1.3/wp-admin/admin.php	2008-01-11 05:31:29.000000000 +0100
@@ -1,4 +1,5 @@
 <?php
+define('WP_ADMIN',TRUE);
 if ( defined('ABSPATH') )
 	require_once( ABSPATH . 'wp-config.php');
 else
diff -Nru wordpress-2.1.3/wp-includes/query.php wordpress-2.1.3/wp-includes/query.php
--- wordpress-2.1.3/wp-includes/query.php	2007-03-06 18:45:40.000000000 +0100
+++ wordpress-2.1.3/wp-includes/query.php	2008-01-11 05:31:29.000000000 +0100
@@ -21,9 +21,9 @@
  */
 
 function is_admin () {
-	global $wp_query;
-
-	return ( $wp_query->is_admin || strstr($_SERVER['REQUEST_URI'], 'wp-admin/') );
+	if ( defined('WP_ADMIN') )
+		return WP_ADMIN;
+	return false;
 }
 
 function is_archive () {