Date: Thu, 2 Feb 2017 22:48:50 +0000 (UTC) From: Ben Woods <woodsb02@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r433182 - head/security/vuxml Message-ID: <201702022248.v12MmoqY027400@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: woodsb02 Date: Thu Feb 2 22:48:50 2017 New Revision: 433182 URL: https://svnweb.freebsd.org/changeset/ports/433182 Log: Add additional vulnerability for wordpress 4.7.1 that was initially kept quiet by the wordpress team [1]. [1] https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/ Security: https://vuxml.FreeBSD.org/freebsd/54e50cd9-c1a8-11e6-ae1b-002590263bf5.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Feb 2 22:25:18 2017 (r433181) +++ head/security/vuxml/vuln.xml Thu Feb 2 22:48:50 2017 (r433182) @@ -204,6 +204,8 @@ Notes: themes from accidentally causing a vulnerability.</li> <li>A cross-site scripting (XSS) vulnerability was discovered in the posts list table.</li> + <li>An unauthenticated privilege escalation vulnerability was + discovered in a REST API endpoint.</li> </ul> </blockquote> </body> @@ -214,6 +216,7 @@ Notes: <cvename>CVE-2017-5612</cvename> <url>http://www.openwall.com/lists/oss-security/2017/01/28/5</url>; <url>https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/</url>; + <url>https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/</url>; </references> <dates> <discovery>2017-01-26</discovery>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702022248.v12MmoqY027400>