From owner-svn-ports-head@freebsd.org Sun Jan 15 02:16:22 2017 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AF007CA5800; Sun, 15 Jan 2017 02:16:22 +0000 (UTC) (envelope-from junovitch@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 66BA4170A; Sun, 15 Jan 2017 02:16:22 +0000 (UTC) (envelope-from junovitch@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v0F2GLkW091438; Sun, 15 Jan 2017 02:16:21 GMT (envelope-from junovitch@FreeBSD.org) Received: (from junovitch@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v0F2GLvu091436; Sun, 15 Jan 2017 02:16:21 GMT (envelope-from junovitch@FreeBSD.org) Message-Id: <201701150216.v0F2GLvu091436@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: junovitch set sender to junovitch@FreeBSD.org using -f From: Jason Unovitch Date: Sun, 15 Jan 2017 02:16:21 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r431506 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Jan 2017 02:16:22 -0000 Author: junovitch Date: Sun Jan 15 02:16:21 2017 New Revision: 431506 URL: https://svnweb.freebsd.org/changeset/ports/431506 Log: Document Wordpress security issues in 4.7.1. Note per upstream PHPMailer was updated but "No specific issue appears to affect WordPress or any of the major plugins we investigated". As such leave the PHPMailer entry as is at this time. PR: 216059 Reported by: Jochen Neumeister Security: CVE-2017-5487 Security: CVE-2017-5488 Security: CVE-2017-5489 Security: CVE-2017-5490 Security: CVE-2017-5491 Security: CVE-2017-5492 Security: CVE-2017-5493 Security: https://vuxml.FreeBSD.org/freebsd/b180d1fb-dac6-11e6-ae1b-002590263bf5.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Jan 15 01:34:45 2017 (r431505) +++ head/security/vuxml/vuln.xml Sun Jan 15 02:16:21 2017 (r431506) @@ -58,6 +58,48 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + wordpress -- multiple vulnerabilities + + + wordpress + 4.7.1,1 + + + de-wordpress + ja-wordpress + ru-wordpress + zh-wordpress-zh_CN + zh-wordpress-zh_TW + 4.7.1 + + + + +

Aaron D. Campbell reports:

+
WordPress versions 4.7 and earlier are affected by eight security + issues...
+

+ + + + CVE-2017-5487 + CVE-2017-5488 + CVE-2017-5489 + CVE-2017-5490 + CVE-2017-5491 + CVE-2017-5492 + CVE-2017-5493 + http://www.openwall.com/lists/oss-security/2017/01/14/6 + https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ + + + 2017-01-11 + 2017-01-15 + + + mysql -- multiple vulnerabilities