diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2013-January/022037.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2013-January/022037.html | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2013-January/022037.html b/zarb-ml/mageia-dev/2013-January/022037.html new file mode 100644 index 000000000..8b9c54dcf --- /dev/null +++ b/zarb-ml/mageia-dev/2013-January/022037.html @@ -0,0 +1,99 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Freeze push: wordpress 3.5.1 + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Freeze%20push%3A%20wordpress%203.5.1&In-Reply-To=%3CBAY002-W11635216F3BEC17B46E61AAD31B0%40phx.gbl%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="022035.html"> + <LINK REL="Next" HREF="022038.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Freeze push: wordpress 3.5.1</H1> + <B>FundaWang</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Freeze%20push%3A%20wordpress%203.5.1&In-Reply-To=%3CBAY002-W11635216F3BEC17B46E61AAD31B0%40phx.gbl%3E" + TITLE="[Mageia-dev] Freeze push: wordpress 3.5.1">fundawang at fundawang.name + </A><BR> + <I>Fri Jan 25 06:07:16 CET 2013</I> + <P><UL> + <LI>Previous message: <A HREF="022035.html">[Mageia-dev] [changelog] [RPM] cauldron core/release GConf2-3.2.6-1.mga3 +</A></li> + <LI>Next message: <A HREF="022038.html">[Mageia-dev] Freeze push: wordpress 3.5.1 +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#22037">[ date ]</a> + <a href="thread.html#22037">[ thread ]</a> + <a href="subject.html#22037">[ subject ]</a> + <a href="author.html#22037">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Hello, +Could wordpress 3.5.1 be pushed? It addresses the following security issues: +* A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work. +* Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team. +* A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue. +Regards. +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="022035.html">[Mageia-dev] [changelog] [RPM] cauldron core/release GConf2-3.2.6-1.mga3 +</A></li> + <LI>Next message: <A HREF="022038.html">[Mageia-dev] Freeze push: wordpress 3.5.1 +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#22037">[ date ]</a> + <a href="thread.html#22037">[ thread ]</a> + <a href="subject.html#22037">[ subject ]</a> + <a href="author.html#22037">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |