Package: wordpress-shibboleth Version: 1.4-2 Severity: important X-Debbugs-Cc: csm...@debian.org Tags: security
I have just become aware of an old security issue that was fixed in upstream: https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f5 6e2fd19188e7c26a As far as I understand, this is https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_q uery_arg-usage/ Given that noone has noticed and reported this as an issue for a year in the Debian package, and I'm not completely sure of how easy it is to exploit, I'm not exactly sure of the correct severity or whether this warrants a DSA or just a point release update. I'm CCing the Wordpress maintainer in case they have any ideas. This bug will be fixed in unstable shortly.
