FEDORA-2019-e70f89fa34 created by remi a month ago for Fedora 29
stable

WordPress 5.2.4 Security Release

WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4.

Security Updates

  • Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
  • Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
  • Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
  • Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
  • Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
  • Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.

How to install

sudo dnf upgrade --advisory=FEDORA-2019-e70f89fa34
This update has been submitted for testing by remi. a month ago
This update's test gating status has been changed to 'waiting'. a month ago
This update's test gating status has been changed to 'ignored'. a month ago
This update has been pushed to testing. a month ago
This update can be pushed to stable now if the maintainer wishes a month ago
This update has been submitted for stable by bodhi. a month ago
This update has been pushed to stable. a month ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a month ago
in testing
a month ago
in stable
a month ago

Automated Test Results