[wp-hackers] Randy rands

Viper007Bond viper at viper007bond.com
Wed Sep 3 14:51:06 GMT 2008


Ha, as proven earlier, it definitely isn't me who should be referred to.

On Wed, Sep 3, 2008 at 6:13 AM, Jacob Santos <wordpress at santosj.name> wrote:

> True. Or we just haven't yet seen a case where the exploit is taken full
> advantage of. Or we have and just haven't noticed that this was the cause.
> It isn't really a flaw within WordPress, but it does prevent external web
> applications on the same box from being used to adversely affect WordPress.
>
> I do agree with Viper007Bond, in that the security flaw isn't high enough
> to backport, but I will defer to someone who knows better (which might be
> Viper007Bond).
>
>
> Viper007Bond wrote:
>
>> It's just improved security, not a security flaw if I'm reading it right.
>> No different from ditching MD5 password storage or using the better
>> cookies (again, if I understand the issue).
>>
>> On Tue, Sep 2, 2008 at 11:35 AM, Otto <otto at ottodestruct.com> wrote:
>>
>>> I noticed http://trac.wordpress.org/changeset/8728 and
>>> http://trac.wordpress.org/changeset/8749 the other day. It occurred to
>>> me that since this is a fix for a security issue, it might be
>>> worthwhile to backport it to 2.0.11 as well, since that's being
>>> supported until 2010.
>>>
>>> Any plans on that?
>>>
>>> -Otto
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers



-- 
Viper007Bond | http://www.viper007bond.com/ | http://www.finalgear.com/

