Bug#559770: libwordpress-xmlrpc-perl embeds wordpress' xmlrpc

Michael Gilbert michael.s.gilbert at gmail.com
Mon Dec 7 00:17:08 UTC 2009


Package: libwordpress-xmlrpc-perl
Version: 1.19-1
Severity: serious
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for wordpress.  libwordpress-xmlrpc-perl embeds wordpress'
xmlrpc.php, so it may also be vulnerable.  The two files differ, and I
have so far been unable to pinpoint the exact code patch to fix the
problem.  Please check whether the package is affected.  Even if it is
not affected, embedded code is bad, so please update the package to
make use of wordpress's code.

CVE-2007-6672[0]:
| Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass
| protection mechanisms and read the source of files via multiple '/'
| (slash) characters in the URI.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6672
    http://security-tracker.debian.org/tracker/CVE-2007-6672




