Date: Sat, 07 May 2016 05:33:13 +0000 From: Craig Small <csmall@....com.au> To: oss-security@...ts.openwall.com Subject: CVE Request: wordpress and mediaelement Hi, wordpress 4.5.1 has two security issues, both XSS, both fixed in 4.5.2 One is around the plupload embedded code which I'm unsure if it affects plupload proper or just wordpress. The second is around mediaelement and this does affect the upstream program but is already fixed. 1: https://wordpress.org/news/2016/05/wordpress-4-5-2/ 2: https://core.trac.wordpress.org/changeset/37382/ 3: https://core.trac.wordpress.org/changeset/37371 4: https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e - Craig -- Craig Small (@...llsees) http://enc.com.au/ csmall at : enc.com.au Debian GNU/Linux http://www.debian.org/ csmall at : debian.org GPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ