[theme-reviewers] Functions.php Worm

Chip Bennett chip at chipbennett.net
Tue Oct 12 18:27:44 UTC 2010


Pross,

Can Theme-Check call out a specific TimThumb-is-outdated warning, for the
specific vulnerability? Or, is the presence of fopen() in TimThumb itself
the vulnerability?

Chip

On Tue, Oct 12, 2010 at 1:25 PM, Edward Caissie <edward.caissie at gmail.com> wrote:

> @Gene -
>
> Around the end of August several themes were noted to be using an older
> version of timthumb that had a potential security issue associated with the
> code as it was written. The timthumb script itself was corrected before
> then but there were still older versions in use on some repository themes.
>
> If you are using timthumb you can get the current version here if need be:
> http://code.google.com/p/timthumb/
>
>
> Cais.
>
>
> On Tue, Oct 12, 2010 at 1:49 PM, Gene Robinson <emhr at submersible.me> wrote:
>
>> Can you explain this further (Tim Thumb issues) or point me to where it was
>> documented?
>>
>> -Gene
>>
>> > Theme Check also does a nice job of alerting to the Tim Thumb issues
>> > that were found a little while ago with older installations.
>>
>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>