diff options
| author | Xin LI <delphij@FreeBSD.org> | 2026-03-12 03:57:10 +0000 |
|---|---|---|
| committer | Xin LI <delphij@FreeBSD.org> | 2026-03-12 03:57:10 +0000 |
| commit | 122fc90edc012755d590b9351834cc3f34ddf439 (patch) | |
| tree | a888ec50b1640e7b459f7df9e1ef6137abea25d8 /science/xdrawchem/files/(public-mirror) | |
| parent | 92d6a098c79cd74253ef213371b8f7e55719b11c (diff) | |
Upstream does not offer localized tarballs for 6.9.4, so download the
6.9.1 tarballs and apply files/patch-6.9.1-to-6.9.4 instead.
Security fixes in 6.9.2:
- Blind SSRF
- PoP-chain weakness in HTML API and Block Registry
- Regex DoS in Numeric Character References
- Stored XSS in Nav Menus
- AJAX query-attachments Authorization Bypass
- Stored XSS via data-wp-bind directive
- XSS allowing override of client-side templates in admin area
- PclZip Path Traversal
- Authorization Bypass on Notes feature
- XXE in external getID3 library
Bug fix in 6.9.3:
- Restore compatibility for themes using stringable objects with the
template_include filter (regression introduced in 6.9.2)
Security fixes in 6.9.4 (incomplete fixes from 6.9.2 re-addressed):
- PclZip Path Traversal
- Authorization Bypass on Notes feature
- XXE in external getID3 library
Diffstat (limited to 'science/xdrawchem/files/(public-mirror)')
0 files changed, 0 insertions, 0 deletions