[Secure-testing-team] Bug#605603: wordpress: Author level SQL injection vulnerability fixed in 3.0.2
Dominic Hargreaves
dom at earth.li
Wed Dec 1 18:09:28 UTC 2010
Package: wordpress
Version: 3.0.1-2
Severity: grave
Tags: security
Justification: user security hole
3.0.2 includes an update which appears to fix an SQL injection attack:
<http://codex.wordpress.org/Version_3.0.2>
<http://core.trac.wordpress.org/changeset/16625>
This looks worthy of an update for squeeze. Note that the other updates
in 3.0.2 also include various security hardening issues so it may be
most appropriate to upload 3.0.2 itself for squeeze.