Fedora has issued an advisory on February 1:
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098476.html

The issues are fixed in 3.5.1, which we updated to already in Cauldron.

We should issue an update for Mageia 2.
CC: (none) => fundawang
Assignee: fundawang => mageia
WIP
Status: NEW => ASSIGNED
Advisory:
-------------
This update of WordPress updates it to 3.5.1 as a bug fix and security release.

Packages:
-------------
wordpress-3.5.1-1.1.mga2

New Suggests:
-------------
N/A

How to test:
-------------
- Install 'wordpress' from 2, configure it.
- Install 'wordpress' from 'update_testing' and check it's still working as expected.
Assignee: mageia => qa-bugs
Thanks Damien!

Advisory:
========================

Updated wordpress package fixes security vulnerabilities:

A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects WordPress before 3.5.1 (CVE-2013-0235).

Two instances of cross-site scripting via shortcodes and post content (CVE-2013-0236).

A cross-site scripting vulnerability in the external library Plupload (CVE-2013-0237).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0237
https://wordpress.org/news/2013/01/wordpress-3-5-1/
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098476.html
========================

Updated packages in core/updates_testing:
========================
wordpress-3.5.1-1.1.mga2

from wordpress-3.5.1-1.1.mga2.src.rpm
Testing complete mga2 32 & 64

Validating

Advisory & srpm in comment 3

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Keywords: (none) => validated_update
Whiteboard: (none) => mga2-32-ok mga2-64-ok
CC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0137
Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED