Date: Tue, 8 Mar 2016 01:00:34 +0000 (UTC) From: Jason Unovitch <junovitch@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r410592 - head/security/vuxml Message-ID: <201603080100.u2810YcM045748@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: junovitch Date: Tue Mar 8 01:00:34 2016 New Revision: 410592 URL: https://svnweb.freebsd.org/changeset/ports/410592 Log: Document Wordpress multiple vulnerabilities While here, fix URL reference in last Wordpress entry Security: CVE-2016-2221 Security: CVE-2016-2222 Security: https://vuxml.FreeBSD.org/freebsd/fef03980-e4c6-11e5-b2bd-002590263bf5.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Mar 8 00:59:28 2016 (r410591) +++ head/security/vuxml/vuln.xml Tue Mar 8 01:00:34 2016 (r410592) @@ -58,6 +58,48 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="fef03980-e4c6-11e5-b2bd-002590263bf5"> + <topic>wordpress -- multiple vulnerabilities</topic> + <affects> + <package> + <name>wordpress</name> + <range><lt>4.4.2,1</lt></range> + </package> + <package> + <name>de-wordpress</name> + <name>ja-wordpress</name> + <name>ru-wordpress</name> + <name>zh-wordpress-zh_CN</name> + <name>zh-wordpress-zh_TW</name> + <range><lt>4.4.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Samuel Sidler reports:</p> + <blockquote cite="https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/">; + <p>WordPress 4.4.2 is now available. This is a security release for + all previous versions and we strongly encourage you to update your + sites immediately.</p> + <p>WordPress versions 4.4.1 and earlier are affected by two security + issues: a possible SSRF for certain local URIs, reported by Ronni + Skansing; and an open redirection attack, reported by Shailesh + Suthar.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-2221</cvename> + <cvename>CVE-2016-2222</cvename> + <url>http://www.openwall.com/lists/oss-security/2016/02/04/6</url>; + <url>https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/</url>; + </references> + <dates> + <discovery>2016-02-02</discovery> + <entry>2016-03-08</entry> + </dates> + </vuln> + <vuln vid="7f0fbb30-e462-11e5-a3f3-080027ef73ec"> <topic>PuTTY - old-style scp downloads may allow remote code execution</topic> <affects> @@ -3109,7 +3151,7 @@ Notes: <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>Aaron Jorbin reports:</p> - <blockquote cite="INSERT URL HERE"> + <blockquote cite="https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/">; <p>WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.</p> @@ -3127,6 +3169,7 @@ Notes: <dates> <discovery>2016-01-06</discovery> <entry>2016-01-26</entry> + <modified>2016-03-08</modified> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201603080100.u2810YcM045748>