svn commit: r432696 - head/security/vuxml
Ben Woods
woodsb02 at FreeBSD.org
Sun Jan 29 03:13:22 UTC 2017
Author: woodsb02
Date: Sun Jan 29 03:13:21 2017
New Revision: 432696
URL: https://svnweb.freebsd.org/changeset/ports/432696
Log:
Document Wordpress security issues in 4.7.1.
PR: 216540
PR: 216515
Reported by: Jochen Neumeister <joneum at bsdproject.de>
Reported by: Mikhail Timofeev <9267096 at gmail.com>
Security: CVE-2017-5610
Security: CVE-2017-5611
Security: CVE-2017-5612
Security: https://vuxml.FreeBSD.org/freebsd/14ea4458-e5cd-11e6-b56d-38d547003487.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Jan 29 01:11:04 2017 (r432695)
+++ head/security/vuxml/vuln.xml Sun Jan 29 03:13:21 2017 (r432696)
@@ -58,6 +58,54 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="14ea4458-e5cd-11e6-b56d-38d547003487">
+ <topic>wordpress -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>4.7.2,1</lt></range>
+ </package>
+ <package>
+ <name>de-wordpress</name>
+ <name>ja-wordpress</name>
+ <name>ru-wordpress</name>
+ <name>zh-wordpress-zh_CN</name>
+ <name>zh-wordpress-zh_TW</name>
+ <range><lt>4.7.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Aaron D. Campbell reports:</p>
+ <blockquote cite="https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/">
+ <p>WordPress versions 4.7.1 and earlier are affected by three security
+ issues:</p>
+ <ul>
+ <li>The user interface for assigning taxonomy terms in Press This is
+ shown to users who do not have permissions to use it.</li>
+ <li>WP_Query is vulnerable to a SQL injection (SQLi) when passing
+ unsafe data. WordPress core is not directly vulnerable to this
+ issue, but we’ve added hardening to prevent plugins and
+ themes from accidentally causing a vulnerability.</li>
+ <li>A cross-site scripting (XSS) vulnerability was discovered in the
+ posts list table.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5610</cvename>
+ <cvename>CVE-2017-5611</cvename>
+ <cvename>CVE-2017-5612</cvename>
+ <url>http://www.openwall.com/lists/oss-security/2017/01/28/5</url>
+ <url>https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/</url>
+ </references>
+ <dates>
+ <discovery>2017-01-26</discovery>
+ <entry>2017-01-29</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6e83b2f3-e4e3-11e6-9ac1-a4badb2f4699">
<topic>nfsen -- remote command execution</topic>
<affects>
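Review bot: The two `<package>` blocks in the new entry use different bounds, `<lt>4.7.2,1</lt>` for `wordpress` and `<lt>4.7.2</lt>` for the five localized ports, and nothing visible in the hunk confirms that none of the localized ports carries a PORTEPOCH. If one of them does, its vulnerable versions would likely compare as newer than `4.7.2`, so audit tooling that reads this entry would not flag them. It is worth checking each localized port's Makefile and, if an epoch is found, giving that port its own `<package>` block with the epoch-suffixed bound.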