[wp-hackers] Randy rands
viper at viper007bond.com
Wed Sep 3 14:51:06 GMT 2008
Ha, as proven earlier, it definitely isn't me who should be referred to.

On Wed, Sep 3, 2008 at 6:13 AM, Jacob Santos <wordpress at santosj.name> wrote:
> True. Or we just haven't yet seen a case where the exploit is taken full
> advantage of. Or we have and just haven't noticed that this was the cause.
> It isn't really a flaw within WordPress, but it does prevent external web
> applications on the same box from being used to adversely affect WordPress.
> I do agree with Viper007Bond, in that the security flaw isn't high enough
> to backport, but I will defer to someone who knows better (which might be
> Viper007Bond wrote:
>> It's just improved security, not a security flaw if I'm reading it right.
>> different from ditching MD5 password storage or using the better cookies
>> (again, if I understand the issue).
>> On Tue, Sep 2, 2008 at 11:35 AM, Otto <otto at ottodestruct.com> wrote:
>>> I noticed http://trac.wordpress.org/changeset/8728 and
>>> http://trac.wordpress.org/changeset/8749 the other day. It occurred to
>>> me that since this is a fix for a security issue, it might be
>>> worthwhile to backport it to 2.0.11 as well, since that's being
>>> supported until 2010.
>>> Any plans on that?
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
Viper007Bond | http://www.viper007bond.com/ | http://www.finalgear.com/