svn commit: r431506 - head/security/vuxml

Jason Unovitch junovitch at FreeBSD.org
Sun Jan 15 02:16:22 UTC 2017 

Author: junovitch
Date: Sun Jan 15 02:16:21 2017
New Revision: 431506
URL: https://svnweb.freebsd.org/changeset/ports/431506

Log:
  Document Wordpress security issues in 4.7.1.
  
  Note per upstream PHPMailer was updated but "No specific issue appears
  to affect WordPress or any of the major plugins we investigated". As such
  leave the PHPMailer entry as is at this time.
  
  PR:		216059
  Reported by:	Jochen Neumeister <joneum at bsdproject.de>
  Security:	CVE-2017-5487
  Security:	CVE-2017-5488
  Security:	CVE-2017-5489
  Security:	CVE-2017-5490
  Security:	CVE-2017-5491
  Security:	CVE-2017-5492
  Security:	CVE-2017-5493
  Security:	https://vuxml.FreeBSD.org/freebsd/b180d1fb-dac6-11e6-ae1b-002590263bf5.html

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sun Jan 15 01:34:45 2017	(r431505)
+++ head/security/vuxml/vuln.xml	Sun Jan 15 02:16:21 2017	(r431506)
@@ -58,6 +58,48 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="b180d1fb-dac6-11e6-ae1b-002590263bf5">
+    <topic>wordpress -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>wordpress</name>
+	<range><lt>4.7.1,1</lt></range>
+      </package>
+      <package>
+	<name>de-wordpress</name>
+	<name>ja-wordpress</name>
+	<name>ru-wordpress</name>
+	<name>zh-wordpress-zh_CN</name>
+	<name>zh-wordpress-zh_TW</name>
+	<range><lt>4.7.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Aaron D. Campbell reports:</p>
+	<blockquote cite="https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/">
+	  <p>WordPress versions 4.7 and earlier are affected by eight security
+	    issues...</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2017-5487</cvename>
+      <cvename>CVE-2017-5488</cvename>
+      <cvename>CVE-2017-5489</cvename>
+      <cvename>CVE-2017-5490</cvename>
+      <cvename>CVE-2017-5491</cvename>
+      <cvename>CVE-2017-5492</cvename>
+      <cvename>CVE-2017-5493</cvename>
+      <url>http://www.openwall.com/lists/oss-security/2017/01/14/6</url>
+      <url>https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/</url>
+    </references>
+    <dates>
+      <discovery>2017-01-11</discovery>
+      <entry>2017-01-15</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="e5186c65-d729-11e6-a9a5-b499baebfeaf">
     <topic>mysql -- multiple vulnerabilities</topic>
     <affects>

More information about the svn-ports-head mailing list