[Secure-testing-team] Bug#745033: Bulk edit regression in Wordpress 3.8.2
Steven Chamberlain
steven at pyro.eu.org
Thu Apr 17 12:39:50 UTC 2014
Package: wordpress
Version: 3.6.1+dfsg-1~deb7u2
Severity: normal
Tags: security upstream patch
Hi,

Upstream Wordpress 3.8.2 introduced a bug in bulk_edit_posts:
https://core.trac.wordpress.org/ticket/27792

It seems to me that cs27976_priv_esc backported the bug into
Wordpress 3.6, though I haven't tested in a running WP instance.

There was an incomplete fix committed as cs27991, that was reverted
and improved by cs28114. Combining these, I ended up with the attached
cs28114_bulk_edit_posts

Thanks.

-- System Information:
Debian Release: 7.1
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)
Kernel: kFreeBSD 9.0-2-amd64-xenhvm
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cs28114_bulk_edit_posts
Type: text/x-diff
Size: 758 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20140417/4244ffac/attachment.diff>