Subject: CVS commit: pkgsrc/www/wordpress
From: Daniel Horecki
Date: 2022-01-10 21:48:20
Message id: 20220110204820.5E123FB24@cvs.NetBSD.org
Log Message:
Security update to 5.8.3.
Changes since 5.8:
5.8.3
4 security issues affect WordPress versions between 3.7 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issues:
* Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
* Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
* Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
* Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query.
More info on https://wordpress.org/support/wordpress-version/version-5-8-3/
5.8.2
1 security update and fixed 2 bugs.
More info on https://wordpress.org/support/wordpress-version/version-5-8-2/
5.8.1
3 security issues affect WordPress versions between 5.4 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix the following security issues:
* Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API.
* Props to Michal Bentkowski of Securitum for reporting an XSS vulnerability in the block editor.
* The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.
In addition to these issues, the security team would like to thank the following people for reporting vulnerabilities during the WordPress 5.8 beta testing period, allowing them to be fixed prior to release:
* Props Evan Ricafort for reporting an XSS vulnerability in the block editor discovered during the 5.8 release's beta period.
* Props Steve Henty for reporting a privilege escalation issue in the block editor.
More info on https://wordpress.org/support/wordpress-version/version-5-8-1/
Files: