Site Navigation:
security wordpress-3.5.1-2.el6 security update
Status:stable
Release: Fedora EPEL 6
Update ID: FEDORA-EPEL-2013-0233
Builds: wordpress-3.5.1-2.el6 (logs)
Pushed: True
Date Submitted: 2013-01-30 16:43:25
Date Released: 2013-02-01 12:38:56
Date Modified: 2013-02-12 11:33:30
Submitter: remi
Karma: 2
Details

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include:

  • Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
  • Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
  • Networks: Suggest proper rewrite rules when creating a new network.
  • Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
  • Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
  • Suppress some warnings that could occur when a plugin misused the database or user APIs.

WordPress 3.5.1 also addresses the following security issues:

  • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
  • Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
  • A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.
Bugs Fixed
904124 - CVE-2013-0235: CVE-2013-0236 CVE-2013-0237 wordpress various flaws [fedora-all]
904120 - CVE-2013-0235: wordpress: Server-side request forgery and remote port scanning using pingbacks
904121 - wordpress: XSS flaws via shortcodes and HTTP POST content
904122 - wordpress: XSS in the external Plupload library
Feedback
bodhi - 2013-01-30 16:43:55
This update has been submitted for testing by remi.
mcepl - 2013-01-30 16:56:18
Works for me, thank you
tsmetana - 2013-01-31 11:02:31
Fixes the problem in bug #906229 and no other issues spotted.
bodhi - 2013-01-31 15:58:36
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-01-31 16:04:51
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-01-31 16:10:04
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-01-31 16:17:56
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-01-31 16:26:05
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-01-31 16:31:35
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-01-31 16:39:02
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-01-31 16:51:08
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-01-31 16:53:54
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-01-31 16:57:25
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-02-01 13:18:04
This update has been pushed to testing
bodhi - 2013-02-12 11:33:15
remi has edited this update. New build(s): wordpress-3.5.1-2.el6. Removed build(s): wordpress-3.5.1-1.el6.
bodhi - 2013-02-12 11:33:33
This update has been submitted for testing by remi.
bodhi - 2013-02-12 19:15:35
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2013-02-12 20:23:50
This update has been pushed to testing
bodhi - 2013-02-26 22:06:15
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2013-02-27 06:53:45
This update has been submitted for stable by remi.
bodhi - 2013-02-27 16:10:39
This update is currently being pushed to the Fedora EPEL 6 stable updates repository.
bodhi - 2013-02-27 18:02:10
This update has been pushed to stable

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters