Upstream has released versions 3.9.9 and 4.3.1 today (September 15):
https://codex.wordpress.org/Version_3.9.9
https://wordpress.org/news/2015/09/wordpress-4-3-1/

They fix two XSS issues and a potential privilege escalation issue.

Updated package uploaded for Mageia 4.

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=14625#c4

Advisory:
========================

Updated wordpress packages fix security vulnerabilities:

The wordpress package has been updated to version 3.9.9, fixing two cross-site scripting issues and a potential privilege escalation issue (CVE-2015-5714, CVE-2015-5715), as well as other bugs.

See the upstream announcement and release notes for more details.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715
https://codex.wordpress.org/Version_3.9.9
https://wordpress.org/news/2015/09/wordpress-4-3-1/
========================

Updated packages in core/updates_testing:
========================
wordpress-3.9.9-1.mga4

from wordpress-3.9.9-1.mga4.src.rpm
Whiteboard: (none) => has_procedure
Created and edited a page and a post, created and deleted a user, viewed pages all OK. Validating as this is a noarch package. Ready for push when advisory uploaded to svn.
Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure mga4-64-ok
CC: (none) => wrw105, sysadmin-bugs
Advisory uploaded.
Whiteboard: has_procedure mga4-64-ok => has_procedure advisory mga4-64-ok
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0377.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/657812/