oss-sec mailing list archives

wordpress 2.6.1


From: Hanno Böck <hanno () hboeck de>
Date: Tue, 19 Aug 2008 11:33:46 +0200

Just had a look at the wp 2.6.1 changelog.

Two security-relevant bugs are listed as fixed.

http://trac.wordpress.org/ticket/7359
I'd consider this worth a CVE. It's good that this SSL stuff got some 
attention lately (I think this is a similar issue to the recently reported 
cookie / secure flag issues, as it can undermine the sniffing-safety of 
SSL-enabled pages).

http://trac.wordpress.org/ticket/6871

AFAICS this enables one to hide malicious plugins but is no real vuln. Not 
sure if it deserves a CVE.


-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de
