Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=83de7d49d0cd8357b336024b5ed4b8a5a2e1033e
commit 83de7d49d0cd8357b336024b5ed4b8a5a2e1033e Author: Miklos Vajna <vmik...@frugalware.org> Date: Sun Jul 3 12:02:12 2011 +0200 FSA728-wordpress diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index dfb3bd9..852eb0e 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,20 @@ <fsas> <fsa> + <id>728</id> + <date>2011-07-03</date> + <author>Miklos Vajna</author> + <package>wordpress</package> + <vulnerable>3.1.3-1nexon1</vulnerable> + <unaffected>3.1.4-1nexon1</unaffected> + <bts>http://bugs.frugalware.org/task/4522</bts> + <cve>No CVE, see http://wordpress.org/news/2011/06/wordpress-3-1-4/</cve> + <desc>Multiple vulnerabilities have been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions and conduct SQL injection attacks. + 1) An unspecified error can be exploited to gain further access to the site. + 2) Input passed via the "order" and "orderby" parameters to wp-admin/link-manager.php and wp-admin/edit-tags.php is not properly sanitised in wp-includes/taxonomy.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. + Successful exploitation requires the "Editor" role.</desc> + </fsa> + <fsa> <id>727</id> <date>2011-07-03</date> <author>Miklos Vajna</author> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git
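Review bot: the `<cve>` element of the new FSA 728 entry holds free text and a URL ("No CVE, see http://wordpress.org/news/2011/06/wordpress-3-1-4/") rather than an identifier, so anything that reads this field as a CVE id would get prose instead. Consider leaving the field to state only that no CVE is assigned and moving the WordPress 3.1.4 announcement link into `<desc>`. In `<desc>`, the closing sentence "Successful exploitation requires the "Editor" role." sits on its own line after item 2, so it is unclear whether the role requirement applies to the SQL injection only or also to the unspecified error in item 1; attaching it to the item it qualifies would let readers judge exposure correctly.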