author | Jochen Neumeister <joneum@FreeBSD.org> | 2017-05-22 07:16:13 +0000 |
---|---|---|
committer | Jochen Neumeister <joneum@FreeBSD.org> | 2017-05-22 07:16:13 +0000 |
commit | 3753ed400fb316ad701310a607f530aac044ba13 (patch) | |
tree | 11ad71cb79aa95b3ba9980b1b54e4539cb2fdeff /security/vuxml | |
parent | 9ae15442dafda39bd2ed97c56baa0e23da4466dc (diff) | |
- Document Wordpress multiple vulnerabilities
Approved by: miwi (mentor)
Differential Revision: https://reviews.freebsd.org/D10789
Notes:
svn path=/head/; revision=441435
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f993c54d84cf..24ff5da0fa81 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,46 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a5bb7ea0-3e58-11e7-94a2-00e04c1ea73d"> + <topic>Wordpress -- multible vulnerabilities</topic> + <affects> + <package> + <name>wordpress</name> + <range><lt>4.7.5,1</lt></range> + </package> + <package> + <name>de-wordpress</name> + <name>fr-wordpress</name> + <name>ja-wordpress</name> + <name>ru-wordpress</name> + <name>zh-wordpress-zh_CN</name> + <name>zh-wordpress-zh_TW</name> + <range><lt>4.7.5,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <blockquote cite="https://wordpress.org/news/2017/05/wordpress-4-7-5/"> + <p>WordPress versions 4.7.4 and earlier are affected by six security issues</p> + <ul> + <li>Insufficient redirect validation in the HTTP class.</li> + <li>Improper handling of post meta data values in the XML-RPC API.</li> + <li>Lack of capability checks for post meta data in the XML-RPC API.</li> + <li>A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog.</li> + <li>A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://wordpress.org/news/2017/05/wordpress-4-7-5/</url> + </references> + <dates> + <discovery>2017-05-16</discovery> + <entry>2017-05-21</entry> + </dates> + </vuln> + <vuln vid="fab87bff-3ce5-11e7-bf9d-001999f8d30b"> <topic>asterisk -- Memory exhaustion on short SCCP packets</topic> <affects> |
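Review bot: The quoted paragraph in the new wordpress entry says "six security issues", but the <ul> that follows has only five <li> items, so one issue from the cited announcement appears to have been dropped. Please re-check the list against the URL given in the blockquote's cite attribute and add the missing item. In the same entry, <topic> reads "multible" where "multiple" is meant, and the filesystem credentials item abbreviates Cross Site Request Forgery as "CRSF" instead of "CSRF". The <references> block carries only the <url>; if CVE identifiers have been assigned to these issues, adding <cvename> elements would let the entry be matched by CVE.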