aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2013-01-30 04:02:37 +0800
committerdelphij <delphij@FreeBSD.org>2013-01-30 04:02:37 +0800
commit6a151adfdd3f3790a5aecb82db8922d50b7cab8d (patch)
tree1a5558a016b345293eab40fb91a7061fed2da1d0 /security
parent750eebd938bd50b61f1bfa1780c3d455f785587d (diff)
downloadfreebsd-ports-gnome-6a151adfdd3f3790a5aecb82db8922d50b7cab8d.tar.gz
freebsd-ports-gnome-6a151adfdd3f3790a5aecb82db8922d50b7cab8d.tar.zst
freebsd-ports-gnome-6a151adfdd3f3790a5aecb82db8922d50b7cab8d.zip
Document wordpress multiple vulnerabilities.
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml51
1 files changed, 51 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 933fa32c30ff..b21320d09f8a 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,57 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="559e00b7-6a4d-11e2-b6b0-10bf48230856">
+ <topic>wordpress -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>3.5.1,1</lt></range>
+ </package>
+ <package>
+ <name>zh-wordpress-zh_CN</name>
+ <name>zh-wordpress-zh_TW</name>
+ <name>de-wordpress</name>
+ <name>ja-wordpress</name>
+ <name>ru-wordpress</name>
+ <range><lt>3.5.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Wordpress reports:</p>
+ <blockquote cite="http://wordpress.org/news/2013/01/wordpress-3-5-1/">
+ <p>WordPress 3.5.1 also addresses the following security issues:</p>
+ <ul>
+ <li>A server-side request forgery vulnerability and remote port
+ scanning using pingbacks. This vulnerability, which could
+ potentially be used to expose information and compromise a
+ site, affects all previous WordPress versions. This was fixed
+ by the WordPress security team. We'd like to thank security
+ researchers <a href="http://codeseekah.com/">Gennady
+ Kovshenin</a> and <a href="http://www.ethicalhack3r.co.uk/">Ryan
+ Dewhurst</a> for reviewing our work.</li>
+ <li>Two instances of cross-site scripting via shortcodes and post
+ content. These issues were discovered by Jon Cave of the WordPress
+ security team.</li>
+ <li>A cross-site scripting vulnerability in the external library
+ Plupload. Thanks to the Moxiecode team for working with us on
+ this, and for releasing Plupload 1.5.5 to address this issue.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-0235</cvename>
+ <cvename>CVE-2013-0236</cvename>
+ <cvename>CVE-2013-0237</cvename>
+ </references>
+ <dates>
+ <discovery>2013-01-24</discovery>
+ <entry>2013-01-29</entry>
+ </dates>
+ </vuln>
+
<vuln vid="3886cafe-668c-11e2-94b8-1c4bd681f0cf">
<topic>django-cms -- XSS Vulnerability</topic>
<affects>