diff -u wordpress-2.2.2/wp-admin/upgrade-functions.php wordpress-2.2.2/wp-admin/upgrade-functions.php --- wordpress-2.2.2/wp-admin/upgrade-functions.php +++ wordpress-2.2.2/wp-admin/upgrade-functions.php @@ -69,7 +69,7 @@ $wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, link_count, category_description) VALUES ('0', '".$wpdb->escape(__('Blogroll'))."', '".sanitize_title(__('Blogroll'))."', '7', '')"); // Now drop in some default links - $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://planet.ubuntu.com', 'Planet Debian', 0, 'http://planet.ubuntu.com/rss20.xml', '');"); + $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://planet.ubuntu.com', 'Planet Ubuntu', 0, 'http://planet.ubuntu.com/rss20.xml', '');"); $wpdb->query( "INSERT INTO $wpdb->link2cat (`link_id`, `category_id`) VALUES (1, 2)" ); // First post diff -u wordpress-2.2.2/debian/changelog wordpress-2.2.2/debian/changelog --- wordpress-2.2.2/debian/changelog +++ wordpress-2.2.2/debian/changelog @@ -1,3 +1,16 @@ +wordpress (2.2.2-1ubuntu1.2) gutsy-security; urgency=low + + * SECURITY UPDATE: + - SQL injection vulnerability in wp-includes/query.php + * References + - http://trac.wordpress.org/ticket/5487 + - CVE-2007-6318 (LP: #181416) + * NON-Security fix + - blogroll fix in wp-admin/upgrade-functions.php + changed Planet Debian to Planet Ubuntu + + -- Emanuele Gentili Tue, 22 Jan 2008 18:34:21 +0100 + wordpress (2.2.2-1ubuntu1.1) gutsy-security; urgency=low * SECURITY UPDATE: Cross-site scripting due to improper checking of only in patch2: unchanged: --- wordpress-2.2.2.orig/wp-admin/admin.php +++ wordpress-2.2.2/wp-admin/admin.php @@ -1,4 +1,5 @@ is_admin || (strpos($_SERVER['REQUEST_URI'], 'wp-admin/') !== false)); + if ( defined('WP_ADMIN') ) + return WP_ADMIN; + return false; } function is_archive () {
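Review bot: The rewritten `is_admin()` in the last hunk has no comment saying that admin context now comes only from the `WP_ADMIN` constant, which is the security-relevant part of the change. The line it appears to replace also treated a request as admin whenever `$_SERVER['REQUEST_URI']` contained `wp-admin/`, a value the client controls. I would add above the new check `// Admin context is signalled only by WP_ADMIN, defined by the admin bootstrap; never infer it from REQUEST_URI, which is client-controlled.` The function now returns false wherever the constant is undefined, so every admin entry point must define it before anything calls `is_admin()`. The `wp-admin/admin.php` hunk presumably does that, but its added line and the start of the `is_admin()` hunk are missing from this page, so it cannot be confirmed here.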