oss-sec mailing list archives
wordpress 2.6.1
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 19 Aug 2008 11:33:46 +0200
Just had a look at the wp 2.6.1 changelog. Two security relevant bugs are listed as fixed. http://trac.wordpress.org/ticket/7359 I'd consider this worth a CVE. It's good that this ssl stuff got some attention lately (I think this is a similar issue to the recently reported cookie / secureflag issues, as it can undermine the sniffing-safety of ssl-enabled pages). http://trac.wordpress.org/ticket/6871 AFAICS this enables one to hide malicious plugins but is no real vuln. Not sure if it deserves a CVE. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- wordpress 2.6.1 Hanno Böck (Aug 19)
- Re: wordpress 2.6.1 Steven M. Christey (Aug 20)