[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 07 May 2016 05:33:13 +0000
From: Craig Small <csmall@....com.au>
To: oss-security@...ts.openwall.com
Subject: CVE Request: wordpress and mediaelement
Hi,
wordpress 4.5.1 has two security issues[1], both XSS, both fixed in 4.5.2
One is around the plupload embedded code[2] which I'm unsure if it affects
plupload proper or just wordpress.
The second is around mediaelement[3] and this does affect the upstream
program but is already fixed[4].
1: https://wordpress.org/news/2016/05/wordpress-4-5-2/
2: https://core.trac.wordpress.org/changeset/37382/
3: https://core.trac.wordpress.org/changeset/37371
4:
https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e
- Craig
--
Craig Small (@smallsees) http://enc.com.au/ csmall at : enc.com.au
Debian GNU/Linux http://www.debian.org/ csmall at : debian.org
GPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
