Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 618704 (CVE-2017-8295) - <www-apps/wordpress-4.7.5: Multiple Vulnerablities (CVE-2017-8295)
Summary: <www-apps/wordpress-4.7.5: Multiple Vulnerablities (CVE-2017-8295)
Status: RESOLVED FIXED
Alias: CVE-2017-8295
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://wordpress.org/news/2017/05/wo...
Whiteboard: ~3 [noglsa/cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-17 00:42 UTC by Yury German
Modified: 2017-05-18 05:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yury German Gentoo Infrastructure gentoo-dev 2017-05-17 00:42:03 UTC 
WordPress versions 4.7.4 and earlier are affected by six security issues:

Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CRSF)  vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2017-05-17 00:43:39 UTC 
Please upgrade to www-apps/wordpress-4.7.5
Comment 2 Sebastian Pipping gentoo-dev 2017-05-17 13:22:26 UTC 
Please feel free to further adjust the new bug title!

@security, is there anything more to do than a bump?


commit 54e7ccf5b916874d931ffe10d36e4061e42a0ef2
Author: Sebastian Pipping <sping@g.o>
Date:   Wed May 17 15:18:42 2017 +0200

    www-apps/wordpress: 4.7.5
    
    Package-Manager: Portage-2.3.5, Repoman-2.3.2

 www-apps/wordpress/Manifest                                           | 2 +-
 www-apps/wordpress/{wordpress-4.7.4.ebuild => wordpress-4.7.5.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://github.com/gentoo/gentoo/commit/54e7ccf5b916874d931ffe10d36e4061e42a0ef2
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2017-05-18 05:41:24 UTC 
That is all that needs to be done for non-stable packages. Thank you!