svn commit: r323801 - head/security/vuxml
Remko Lodder
remko at FreeBSD.org
Sat Jul 27 17:36:20 UTC 2013
Author: remko (src,doc committer)
Date: Sat Jul 27 17:36:19 2013
New Revision: 323801
URL: http://svnweb.freebsd.org/changeset/ports/323801
Log:
Add entry for wordpress < 3.5.2
Requested by: Patrick Oonk
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sat Jul 27 17:20:42 2013 (r323800)
+++ head/security/vuxml/vuln.xml Sat Jul 27 17:36:19 2013 (r323801)
@@ -51,6 +51,58 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="049332d2-f6e1-11e2-82f3-000c29ee3065">
+ <topic>wordpress -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>3.5.2,1</lt></range>
+ </package>
+ <package>
+ <name>zh-wordpress-zh_CN</name>
+ <name>zh-wordpress-zh_TW</name>
+ <name>de-wordpress</name>
+ <name>ja-wordpress</name>
+ <name>ru-wordpress</name>
+ <range><lt>3.5.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The wordpress development team reports:</p>
+ <blockquote cite="https://wordpress.org/news/2013/06/wordpress-3-5-2/">
+ <ul>
+ <li>Blocking server-side request forgery attacks, which could
+ potentially enable an attacker to gain access to a site</li>
+ <li>Disallow contributors from improperly publishing posts</li>
+ <li>An update to the SWFUpload external library to fix cross-site
+ scripting vulnerabilities</li>
+ <li>Prevention of a denial of service attack, affecting sites
+ using password-protected posts</li>
+ <li>An update to an external TinyMCE library to fix a cross-site
+ scripting vulnerability</li>
+ <li>Multiple fixes for cross-site scripting</li>
+ <li>Avoid disclosing a full file path when a upload fails</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-2199</cvename>
+ <cvename>CVE-2013-2200</cvename>
+ <cvename>CVE-2013-2201</cvename>
+ <cvename>CVE-2013-2202</cvename>
+ <cvename>CVE-2013-2203</cvename>
+ <cvename>CVE-2013-2204</cvename>
+ <cvename>CVE-2013-2205</cvename>
+ <url>https://wordpress.org/news/2013/06/wordpress-3-5-2/</url>
+ </references>
+ <dates>
+ <discovery>2013-06-21</discovery>
+ <entry>2013-07-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="7943e521-f648-11e2-8607-3c970e169bc2">
<topic>bind -- denial of service vulnerability</topic>
<affects>
More information about the svn-ports-all
mailing list