[Secure-testing-team] Bug#537146: CVE-2009-2431, CVE-2009-2432

Giuseppe Iuculano giuseppe at iuculano.it
Wed Jul 15 13:50:14 UTC 2009


Package: wordpress
Severity: important
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for wordpress.

CVE-2009-2431[0]:
| WordPress 2.7.1 places the username of a post's author in an HTML
| comment, which allows remote attackers to obtain sensitive information
| by reading the HTML source.

CVE-2009-2432[1]:
| WordPress and WordPress MU before 2.8.1 allow remote attackers to
| obtain sensitive information via a direct request to wp-settings.php,
| which reveals the installation path in an error message.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2431
    http://security-tracker.debian.net/tracker/CVE-2009-2431
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2432
    http://security-tracker.debian.net/tracker/CVE-2009-2432

Cheers,
Giuseppe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpd3pMACgkQNxpp46476aqM3ACfcibxTeb3VlsmO3Pw5hgJ3M1z
Q7cAn1FSBrFa0HcY8uSDEsEF1tBjGmzv
=g+1s
-----END PGP SIGNATURE-----




