Date: Tue, 11 Aug 2009 17:27:40 -0400 (EDT) From: Steven Kreuzer <skreuzer@FreeBSD.org> To: FreeBSD-gnats-submit@FreeBSD.org Cc: ychsiao@ychsiao.org Subject: ports/137681: [Patch] www/wordpress: Remote admin reset password Message-ID: <200908112127.n7BLRe76055516@slurry.exit2shell.com> Resent-Message-ID: <200908112130.n7BLU4ES066329@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 137681 >Category: ports >Synopsis: [Patch] www/wordpress: Remote admin reset password >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Aug 11 21:30:04 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Steven Kreuzer >Release: FreeBSD 7.1-PRERELEASE amd64 >Organization: >Environment: System: FreeBSD slurry.exit2shell.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #3: Mon Nov 24 14:01:09 EST 2008 >Description: Include patch from upstream vendor to address the remote admin reset password security vulnerability described in http://www.milw0rm.com/exploits/9410 Added file(s): - files/patch-wp-login.php Port maintainer (ychsiao@ychsiao.org) is cc'd. Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- wordpress-2.8.3_1,1.patch begins here --- Index: Makefile =================================================================== RCS file: /usr/share/cvs/freebsd/ports/www/wordpress/Makefile,v retrieving revision 1.51 diff -u -u -r1.51 Makefile --- Makefile 5 Aug 2009 07:50:43 -0000 1.51 +++ Makefile 11 Aug 2009 21:14:53 -0000 @@ -7,6 +7,7 @@ PORTNAME= wordpress PORTVERSION= 2.8.3 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= www MASTER_SITES= http://wordpress.org/ \ @@ -35,6 +36,7 @@ @sleep 1 pre-install: + ${RM} ${WRKSRC}/wp-login.php.orig cd ${WRKSRC} && ${FIND} -s * -type f | \ ${SED} -e 's|^|${WORDPRESS}/|' > ${PLIST} \ && ${FIND} -d * -type d | \ Index: files/patch-wp-login.php =================================================================== RCS file: files/patch-wp-login.php diff -N files/patch-wp-login.php --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-wp-login.php 11 Aug 2009 21:23:18 -0000 @@ -0,0 +1,11 @@ +--- wp-login.php.orig 2009-08-11 16:57:43.000000000 -0400 ++++ wp-login.php 2009-08-11 17:00:45.000000000 -0400 +@@ -187,7 +187,7 @@ + + $key = preg_replace('/[^a-z0-9]/i', '', $key); + +- if ( empty( $key ) ) ++ if ( empty( $key ) || is_array( $key ) ) + return new WP_Error('invalid_key', __('Invalid key')); + + $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key)); --- wordpress-2.8.3_1,1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908112127.n7BLRe76055516>