Date: Thu, 26 Dec 2019 10:03:18 +0000 (UTC)
From: Jochen Neumeister <joneum@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r520901 - head/security/vuxml
Message-ID: <201912261003.xBQA3I5k013306@repo.freebsd.org>
Author: joneum Date: Thu Dec 26 10:03:17 2019 New Revision: 520901 URL: https://svnweb.freebsd.org/changeset/ports/520901 Log: Add entry for wordpress Sponsored by: Netzkommune GmbH Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Dec 26 09:43:20 2019 (r520900) +++ head/security/vuxml/vuln.xml Thu Dec 26 10:03:17 2019 (r520901) 
@@ -58,6 +58,47 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="7b97b32e-27c4-11ea-9673-4c72b94353b5"> + <topic>wordpress -- multiple issues</topic> + <affects> + <package> + <name>wordpress</name> + <name>fr-wordpress</name> + <range><lt>5.3.1,1</lt></range> + </package> + <package> + <name>de-wordpress</name> + <name>zh_CN-wordpress</name> + <name>zh_TW-wordpress</name> + <name>ja-wordpress</name> + <name>ru-wordpress</name> + <range><lt>5.3.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>wordpress developers reports:</p> + <blockquote cite="https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/"> + <p>Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so youll want to upgrade. + If you havent yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues. + -Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API. + -Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) + could be stored in well-crafted links. + -Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named + colon attribute. + -Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.</p> + </blockquote> + </body> + </description> + <references> + <url>https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/</url> + </references> + <dates> + <discovery>2019-12-13</discovery> + <entry>2019-12-26</entry> + </dates> + </vuln> + <vuln vid="1c9178aa-2709-11ea-9673-4c72b94353b5"> <topic>typo3 -- multiple vulnerabilities</topic> <affects>
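Review bot: The quoted announcement inside the <blockquote> has lost its apostrophes ("youll", "havent"), and its four "Props" items are run together in one <p> with leading hyphens. Restore "you'll" and "haven't", and mark the items up as a <ul> with one <li> each so the entry renders as a list. The lead-in "<p>wordpress developers reports:</p>" has a subject-verb mismatch and should read "The WordPress developers report:". The <references> block carries only the <url>; if CVE identifiers have been assigned to these four issues, add them as <cvename> elements so the entry can be matched by CVE.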