From owner-svn-ports-all@FreeBSD.ORG Tue Jan 29 20:02:38 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id ADF365CE; Tue, 29 Jan 2013 20:02:38 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 885F5321; Tue, 29 Jan 2013 20:02:38 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r0TK2cep033956; Tue, 29 Jan 2013 20:02:38 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r0TK2cCZ033955; Tue, 29 Jan 2013 20:02:38 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201301292002.r0TK2cCZ033955@svn.freebsd.org> From: Xin LI Date: Tue, 29 Jan 2013 20:02:38 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r311185 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2013 20:02:38 -0000 Author: delphij Date: Tue Jan 29 20:02:37 2013 New Revision: 311185 URL: http://svnweb.freebsd.org/changeset/ports/311185 Log: Document wordpress multiple vulnerabilities. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Jan 29 19:55:05 2013 (r311184) +++ head/security/vuxml/vuln.xml Tue Jan 29 20:02:37 2013 (r311185) @@ -51,6 +51,57 @@ Note: Please add new entries to the beg --> + + wordpress -- multiple vulnerabilities + + + wordpress + 3.5.1,1 + + + zh-wordpress-zh_CN + zh-wordpress-zh_TW + de-wordpress + ja-wordpress + ru-wordpress + 3.5.1 + + + + +

Wordpress reports:

+
+

WordPress 3.5.1 also addresses the following security issues:

+
    +
  • A server-side request forgery vulnerability and remote port + scanning using pingbacks. This vulnerability, which could + potentially be used to expose information and compromise a + site, affects all previous WordPress versions. This was fixed + by the WordPress security team. We'd like to thank security + researchers Gennady + Kovshenin and Ryan + Dewhurst for reviewing our work.
    • +
  • Two instances of cross-site scripting via shortcodes and post + content. These issues were discovered by Jon Cave of the WordPress + security team.
    • +
  • A cross-site scripting vulnerability in the external library + Plupload. Thanks to the Moxiecode team for working with us on + this, and for releasing Plupload 1.5.5 to address this issue.
    • +
+
+ + + + CVE-2013-0235 + CVE-2013-0236 + CVE-2013-0237 + + + 2013-01-24 + 2013-01-29 + + + django-cms -- XSS Vulnerability