New Wordpress security update released : "WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. - WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. - A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team. - Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point. Our thanks to those who have practiced responsible disclosure of security issues. WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the release notes or consult the list of changes." Source : https://wordpress.org/news/2015/09/wordpress-4-3-1/ ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-5714 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-5715 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1496825 Title: Wordpress package security issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/1496825/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
