aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwoodsb02 <woodsb02@FreeBSD.org>2017-02-03 06:48:50 +0800
committerwoodsb02 <woodsb02@FreeBSD.org>2017-02-03 06:48:50 +0800
commit3f96e6fe73c9ed46e465279a87cd9693919ac3e6 (patch)
treeff555c5a6a1c10ce053d16b164cdfe8a21604fb4
parentd2db4b0382c1a9414475179c61b2ebd91ab1ba92 (diff)
downloadfreebsd-ports-gnome-3f96e6fe73c9ed46e465279a87cd9693919ac3e6.tar.gz
freebsd-ports-gnome-3f96e6fe73c9ed46e465279a87cd9693919ac3e6.tar.zst
freebsd-ports-gnome-3f96e6fe73c9ed46e465279a87cd9693919ac3e6.zip
Add additional vulnerability for wordpress 4.7.1 that was initially kept
quiet by the wordpress team [1]. [1] https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/ Security: https://vuxml.FreeBSD.org/freebsd/54e50cd9-c1a8-11e6-ae1b-002590263bf5.html
-rw-r--r--security/vuxml/vuln.xml3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index a385c60c6e91..aac1bf5217f8 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -204,6 +204,8 @@ Notes:
themes from accidentally causing a vulnerability.</li>
<li>A cross-site scripting (XSS) vulnerability was discovered in the
posts list table.</li>
+ <li>An unauthenticated privilege escalation vulnerability was
+ discovered in a REST API endpoint.</li>
</ul>
</blockquote>
</body>
@@ -214,6 +216,7 @@ Notes:
<cvename>CVE-2017-5612</cvename>
<url>http://www.openwall.com/lists/oss-security/2017/01/28/5</url>
<url>https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/</url>
+ <url>https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/</url>
</references>
<dates>
<discovery>2017-01-26</discovery>