A cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in
the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0
before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary
web script or HTML via the file parameter to wp-admin/templates.php, and
possibly other vectors involving the action variable.
Please note that wordpress is not present in sarge.
For the testing distribution (etch) this is fixed in version 2.0.9-1.
For the unstable distribution (sid) this is fixed in version 2.1.1-1.
This upgrade is recommended if you use wordpress.
If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get install wordpress
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free
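
To confirm whether a wordpress package version predates the fixed versions listed above, a check along these lines can be used. This is an added example, not part of the original advisory; the function names are hypothetical, and the sort -V fallback only approximates Debian version ordering.

```sh
#!/bin/sh
# Added example (not from the advisory): classify a wordpress package
# version against the fixed versions the advisory lists.
FIXED_20="2.0.9-1"   # fix for the 2.0 branch (etch)
FIXED_21="2.1.1-1"   # fix for the 2.1 branch (sid)

# ver_lt A B: succeed when version A sorts strictly before B.
ver_lt() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        # Assumption: GNU sort -V as a rough stand-in on hosts without dpkg.
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# classify_wordpress VERSION: print one of
#   not-installed | vulnerable | fixed | not-covered
classify_wordpress() {
    v=$1
    [ -n "$v" ] || { echo "not-installed"; return 0; }
    # Pick the branch by upstream prefix so 2.10.x is not mistaken for 2.1.x.
    case $v in
        2.0|2.0[.-]*) fixed=$FIXED_20 ;;
        2.1|2.1[.-]*) fixed=$FIXED_21 ;;
        *) echo "not-covered"; return 0 ;;   # advisory names only 2.0 and 2.1
    esac
    if ver_lt "$v" "$fixed"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# check_installed: classify whatever version dpkg reports for wordpress.
check_installed() {
    classify_wordpress "$(dpkg-query -W -f='${Version}' wordpress 2>/dev/null)"
}
```

Running check_installed on each host before and after the upgrade shows whether the fixed package actually landed.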