Pross,<div><br></div><div>Can Theme-Check call out a specific TimThumb-is-outdated warning, for the specific vulnerability? Or, is the presence of fopen() in TimThumb itself the vunlerability?</div><div><br></div><div>Chip<br>
<br><div class="gmail_quote">On Tue, Oct 12, 2010 at 1:25 PM, Edward Caissie <span dir="ltr"><<a href="mailto:edward.caissie@gmail.com">edward.caissie@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
@Gene -<br><br>Around the end of August several themes were noted to be using an older version of timthumb that had a potentiall security issue associated with the code as it was written. The timbthumb script itself was corrected before then but there were still older versions in use on some repository themes.<br>
<br>If you are using timthumb you can get the current version here if need be: <a href="http://code.google.com/p/timthumb/" target="_blank">http://code.google.com/p/<span>timthumb</span>/</a><br><br><br>Cais.<div><div></div>
<div class="h5"><br>
<br><div class="gmail_quote">On Tue, Oct 12, 2010 at 1:49 PM, Gene Robinson <span dir="ltr"><<a href="mailto:emhr@submersible.me" target="_blank">emhr@submersible.me</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
Can you explain this further(Tim Thumb issues) or point me to where is was documented?<br>
<font color="#888888"><br>
-Gene<br>
</font><div><br>
> Theme Check also does a nice job of alerting to the Tim Thumb issues that were found a little while ago with older installations.<br>
<br>
<br>
<br>
</div><div><div></div><div>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
</div></div></blockquote></div><br>
</div></div><br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>