FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  517316
Date:      2019-11-12
Time:      08:16:34Z
Committer: joneum

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a2589511-d6ba-11e7-88dd-00e04c1ea73dwordpress -- multiple issues

wordpress developers reports:

Use a properly generated hash for the newbloguser key instead of a determinate substring.

Add escaping to the language attributes used on html elements.

Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.

Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.


Discovery 2017-11-29
Entry 2017-12-01
wordpress
fr-wordpress
lt 4.9.1,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
lt 4.9.1

https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
c04dc18f-fcde-11e7-bdf6-00e04c1ea73dwordpress -- multiple issues

wordpress developers reports:

JavaScript errors that prevented saving posts in Firefox have been fixed.

The previous taxonomy-agnostic behavior of get_category_link() and category_description() was restored.

Switching themes will now attempt to restore previous widget assignments, even when there are no sidebars to map.


Discovery 2018-01-16
Entry 2018-01-19
wordpress
fr-wordpress
lt 4.9.2,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
lt 4.9.2

https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
a5bb7ea0-3e58-11e7-94a2-00e04c1ea73dWordpress -- multiple vulnerabilities

WordPress versions 4.7.4 and earlier are affected by six security issues

  • Insufficient redirect validation in the HTTP class.
  • Improper handling of post meta data values in the XML-RPC API.
  • Lack of capability checks for post meta data in the XML-RPC API.
  • A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog.
  • A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.

Discovery 2017-05-16
Entry 2017-05-21
wordpress
fr-wordpress
lt 4.7.5,1

de-wordpress
ja-wordpress
ru-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
lt 4.7.5

https://wordpress.org/news/2017/05/wordpress-4-7-5/