Make WordPress Core

Context Navigation

← Previous Ticket
Next Ticket →

Opened 16 years ago

Closed 14 years ago

#10735 closed defect (bug) (wontfix)

CVE-2008-6767 patch: Only admin can upgrade wordpress

Reported by:	Derevko	Owned by:
Milestone:		Priority:	normal
Severity:	normal	Version:
Component:	Upgrade/Install	Keywords:
Focuses:		Cc:

Description

Hi,

with the trivial attached patch I fixed CVE-2008-6767 in wordpress debian package:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6767

Attachments (1)

009CVE2008-6767.patch (1.2 KB) - added by Derevko 16 years ago.: Only admin can upgrade wordpress. (CVE-2008-6767)

Download all attachments as: .zip

Change History (5)

@Derevko
16 years ago

Attachment 009CVE2008-6767.patch added

Only admin can upgrade wordpress. (CVE-2008-6767)

#1 follow-up: ↓ 2 @scribu
16 years ago

Keywords has-patch added
Milestone changed from Unassigned to 2.9

You should use 'administrator' instead of 'level_10'.

#2 in reply to: ↑ 1 @Derevko
16 years ago

Replying to scribu:

You should use 'administrator' instead of 'level_10'.

The original patch did have 'administrator', but a user point me the fact that sometimes the administrator default account could not exist or renamed for security hardening

#3 @ryan
15 years ago

Keywords has-patch removed
Milestone changed from 2.9 to Future Release

This will break the auto upgrade.

I doubt this will be addressed since its not much of a problem in practice. Postponing to a later release for future consideration.

#4 @dd32
14 years ago

Milestone Future Release deleted
Resolution set to wontfix
Status changed from new to closed

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats: