Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 15 Jan 2017 02:16:21 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r431506 - head/security/vuxml
Message-ID:  <201701150216.v0F2GLvu091436@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: junovitch
Date: Sun Jan 15 02:16:21 2017
New Revision: 431506
URL: https://svnweb.freebsd.org/changeset/ports/431506

Log:
  Document Wordpress security issues in 4.7.1.
  
  Note per upstream PHPMailer was updated but "No specific issue appears
  to affect WordPress or any of the major plugins we investigated". As such
  leave the PHPMailer entry as is at this time.
  
  PR:		216059
  Reported by:	Jochen Neumeister <joneum@bsdproject.de>
  Security:	CVE-2017-5487
  Security:	CVE-2017-5488
  Security:	CVE-2017-5489
  Security:	CVE-2017-5490
  Security:	CVE-2017-5491
  Security:	CVE-2017-5492
  Security:	CVE-2017-5493
  Security:	https://vuxml.FreeBSD.org/freebsd/b180d1fb-dac6-11e6-ae1b-002590263bf5.html

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sun Jan 15 01:34:45 2017	(r431505)
+++ head/security/vuxml/vuln.xml	Sun Jan 15 02:16:21 2017	(r431506)
@@ -58,6 +58,48 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="b180d1fb-dac6-11e6-ae1b-002590263bf5">
+    <topic>wordpress -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>wordpress</name>
+	<range><lt>4.7.1,1</lt></range>
+      </package>
+      <package>
+	<name>de-wordpress</name>
+	<name>ja-wordpress</name>
+	<name>ru-wordpress</name>
+	<name>zh-wordpress-zh_CN</name>
+	<name>zh-wordpress-zh_TW</name>
+	<range><lt>4.7.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Aaron D. Campbell reports:</p>
+	<blockquote cite="https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/">;
+	  <p>WordPress versions 4.7 and earlier are affected by eight security
+	    issues...</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2017-5487</cvename>
+      <cvename>CVE-2017-5488</cvename>
+      <cvename>CVE-2017-5489</cvename>
+      <cvename>CVE-2017-5490</cvename>
+      <cvename>CVE-2017-5491</cvename>
+      <cvename>CVE-2017-5492</cvename>
+      <cvename>CVE-2017-5493</cvename>
+      <url>http://www.openwall.com/lists/oss-security/2017/01/14/6</url>;
+      <url>https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/</url>;
+    </references>
+    <dates>
+      <discovery>2017-01-11</discovery>
+      <entry>2017-01-15</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="e5186c65-d729-11e6-a9a5-b499baebfeaf">
     <topic>mysql -- multiple vulnerabilities</topic>
     <affects>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201701150216.v0F2GLvu091436>