574462 – www-apps/wordpress-4.2.2: Upgrade Needed

Bug 574462 - www-apps/wordpress-4.2.2: Upgrade Needed

Summary: www-apps/wordpress-4.2.2: Upgrade Needed

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Infrastructure
Classification:	Unclassified
Component:	Other web server issues (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Infrastructure

URL:	http://blog.gentoo.org
Whiteboard:
Keywords:

Depends on:
Blocks:	574468
	Show dependency tree

Reported:	2016-02-11 18:13 UTC by Yury German
Modified:	2016-03-09 21:23 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Yury German Gentoo Infrastructure

2016-02-11 18:13:41 UTC

Need to upgrade wordpress for https://blogs.gentoo.org to the latest version (4.2.2)

It contains two security Bugs:
From the announcement post, WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.

#36435 HTTP: 0.1.2.3 is not a valid IP.
#36444 Better validation of the URL used in HTTP redirects.

Comment 1 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure

2016-03-09 21:23:58 UTC

commit d8b4926ad3e0a6dd8361458771c164d660df3c01
Author: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
Date:   Sat Feb 13 01:16:40 2016 -0100

    Bump wordpress release to 4.4.2 to address the open security issues.
    
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

I forgot to close this bug.