Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALy8Cw7nYh_p5qR3anmUM+t5g5zV-2HuZD4E6SFiWckCMfhNMA@mail.gmail.com>
Date: Sat, 07 May 2016 05:33:13 +0000
From: Craig Small <csmall@....com.au>
To: oss-security@...ts.openwall.com
Subject: CVE Request: wordpress and mediaelement

Hi,
  wordpress 4.5.1 has two security issues[1], both XSS, both fixed in 4.5.2

One is around the plupload embedded code[2] which I'm unsure if it affects
plupload proper or just wordpress.
The second is around mediaelement[3] and this does affect the upstream
program but is already fixed[4].


1: https://wordpress.org/news/2016/05/wordpress-4-5-2/
2: https://core.trac.wordpress.org/changeset/37382/
3: https://core.trac.wordpress.org/changeset/37371
4:
https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e


 - Craig

-- 
Craig Small (@smallsees)   http://enc.com.au/       csmall at : enc.com.au
Debian GNU/Linux           http://www.debian.org/   csmall at : debian.org
GPG fingerprint:        5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.