rpms/wordpress/F-11 changeset_r11798.diff, NONE, 1.1 wordpress.spec, 1.31, 1.32

Adrian Reber adrian at fedoraproject.org
Tue Aug 11 10:28:11 UTC 2009


Author: adrian

Update of /cvs/extras/rpms/wordpress/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24548

Modified Files:
	wordpress.spec 
Added Files:
	changeset_r11798.diff 
Log Message:
* Tue Aug 11 2009 Adrian Reber <adrian at lisas.de> - 2.8.3-2
- another security update to fix "Remote admin reset password":
  http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070137.html


changeset_r11798.diff:
 wp-login.php |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE changeset_r11798.diff ---
Index: /branches/2.8/wp-login.php
===================================================================
--- /branches/2.8/wp-login.php (revision 11514)
+++ /branches/2.8/wp-login.php (revision 11798)
@@ -188,5 +188,5 @@
 	$key = preg_replace('/[^a-z0-9]/i', '', $key);
 
-	if ( empty( $key ) )
+	if ( empty( $key ) || is_array( $key ) )
 		return new WP_Error('invalid_key', __('Invalid key'));
 
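Review bot: the is_array( $key ) test on the + line runs only after the preg_replace() call two lines above it, so an array-valued key has already gone through the sanitising step (preg_replace() returns an array when given one) before it is rejected. Consider rejecting non-string input ahead of the preg_replace(), for example with a ! is_string( $key ) check, so that the filter and the empty() test only ever see a string.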


Index: wordpress.spec
===================================================================
RCS file: /cvs/extras/rpms/wordpress/F-11/wordpress.spec,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -p -r1.31 -r1.32
--- wordpress.spec	5 Aug 2009 07:45:37 -0000	1.31
+++ wordpress.spec	11 Aug 2009 10:28:10 -0000	1.32
@@ -3,7 +3,7 @@ URL: http://www.wordpress.org
 Name: wordpress
 Version: 2.8.3
 Group: Applications/Publishing
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Source0: http://wordpress.org/%{name}-%{version}.tar.gz
 Source1: wordpress-httpd-conf
@@ -11,6 +11,7 @@ Source2: README.fedora.wordpress
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: php >= 4.1.0, httpd, php-mysql
 BuildArch: noarch
+Patch0: changeset_r11798.diff
 
 %description
 Wordpress is an online publishing / weblog package that makes it very easy,
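Review bot: the new Patch0: line carries no comment saying where the patch comes from or when it can be dropped. A one-line comment above it noting that it is the upstream 2.8-branch change to wp-login.php at revision 11798 (as the patch header shows) would make it obvious that the patch should go away with the next upstream release. Placing it next to the Source0/Source1/Source2 lines rather than after BuildArch would also keep the tag block easier to scan.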
@@ -18,6 +19,7 @@ almost trivial, to get information out t
 
 %prep
 %setup -q -n wordpress
+%patch0 -p3
 # disable wp_version_check, updates are always installed via rpm
 sed -i -e "s,\(.*\)'wp_version_check'\(.*\),#\1'wp_version_check'\2,g" \
 	wp-includes/update.php
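Review bot: %patch0 -p3 only lands on wp-login.php because the path in the patch header, /branches/2.8/wp-login.php, starts with a slash and has two directory levels in front of the file name. That coupling is easy to break if the patch is ever regenerated, so either add a short comment explaining the strip level or rewrite the patch header relative to the unpacked wordpress directory and use a lower -p value.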
@@ -77,6 +79,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %dir %{_sysconfdir}/wordpress
 
 %changelog
+* Tue Aug 11 2009 Adrian Reber <adrian at lisas.de> - 2.8.3-2
+- another security update to fix "Remote admin reset password":
+  http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070137.html
+
 * Mon Aug 03 2009 Adrian Reber <adrian at lisas.de> - 2.8.3-1
 - updated to 2.8.3 for security fixes
 
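Review bot: the new %changelog entry links the disclosure post but does not name the patch file or the upstream revision. Mentioning changeset_r11798.diff in the entry would let someone reading the changelog match the fix to Patch0 without opening the spec history.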



