[wp-hackers] Randy rands
Jacob Santos
wordpress at santosj.name
Wed Sep 3 13:13:21 GMT 2008
True. Or we just haven't yet seen a case where the exploit is taken full
advantage of. Or we have and just haven't noticed that this was the
cause. It isn't really a flaw within WordPress, but it does prevent
external web applications on the same box from being used to adversely
affect WordPress.
I do agree with Viper007Bond, in that the security flaw isn't high
enough to backport, but I will defer to someone who knows better (which
might be Viper007Bond).
Viper007Bond wrote:
> It's just improved security, not a security flaw if I'm reading it right. No
> different from ditching MD5 password storage or using the better cookies
> (again, if I understand the issue).
>
> On Tue, Sep 2, 2008 at 11:35 AM, Otto <otto at ottodestruct.com> wrote:
>
>
>> I noticed http://trac.wordpress.org/changeset/8728 and
>> http://trac.wordpress.org/changeset/8749 the other day. It occurred to
>> me that since this is a fix for a security issue, it might be
>> worthwhile to backport it to 2.0.11 as well, since that's being
>> supported until 2010.
>>
>> Any plans on that?
>>
>> -Otto
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>>
>
>
>
>
More information about the wp-hackers
mailing list