Fedora has issued an advisory on February 1:
The issues are fixed in 3.5.1, which we updated to already in Cauldron.
We should issue an update for Mageia 2.
This update of WordPress updates it to 3.5.1 as bug fixes and security release.
How to test:
- Install 'wordpress' from 2, configure it.
- Install 'wordpress' from 'update_testing' and check it's still working as expected.
Updated wordpress package fixes security vulnerabilities:
A server-side request forgery vulnerability and remote port scanning using
pingbacks. This vulnerability, which could potentially be used to expose
information and compromise a site, affects WordPress before 3.5.1
Two instances of cross-site scripting via shortcodes and post content
A cross-site scripting vulnerability in the external library Plupload
Updated packages in core/updates_testing:
Testing complete mga2 32 & 64
Advisory & srpm in comment 3
Could sysadmin please push from core/updates_testing to core/updates