[wp-hackers] Randy rands

Jacob Santos wordpress at santosj.name
Wed Sep 3 13:13:21 GMT 2008

True. Or we just haven't yet seen a case where the exploit is taken full 
advantage of. Or we have and just haven't noticed that this was the 
cause. It isn't really a flaw within WordPress, but it does prevent 
external web applications on the same box from being used to adversely 
affect WordPress.

I do agree with Viper007Bond, in that the security flaw isn't high 
enough to backport, but I will defer to someone who knows better (which 
might be Viper007Bond).

Viper007Bond wrote:
> It's just improved security, not a security flaw if I'm reading it right. No
> different from ditching MD5 password storage or using the better cookies
> (again, if I understand the issue).
>
> On Tue, Sep 2, 2008 at 11:35 AM, Otto <otto at ottodestruct.com> wrote:
>> I noticed http://trac.wordpress.org/changeset/8728 and
>> http://trac.wordpress.org/changeset/8749 the other day. It occurred to
>> me that since this is a fix for a security issue, it might be
>> worthwhile to backport it to 2.0.11 as well, since that's being
>> supported until 2010.
>> Any plans on that?
>> -Otto