FEDORA-2023-f238593a42 — security update for wordpress

testing stable

wordpress-6.2.2-1.fc37

FEDORA-2023-f238593a42 created by remi a week ago for Fedora 37

WordPress 6.2.2 Security Release

Security updates included in this release:

Block themes parsing shortcodes in user-generated data; thanks to Liam Gladdy of WP Engine for reporting this issue.

WordPress 6.2.1 Maintenance & Security Release

Security updates included in this release

Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.

How to install

sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-f238593a42

This update has been submitted for testing by remi.

a week ago

This update's test gating status has been changed to 'ignored'.

a week ago

This update has obsoleted wordpress-6.2.1-1.fc37, and has inherited its bugs and notes.

a week ago

This update has been pushed to testing.

a week ago

This update has been submitted for stable by bodhi.

9 hours ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Builds

wordpress-6.2.2-1.fc37

Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

a week ago

in testing

a week ago

approved

9 hours ago

wordpress-6.2.2-1.fc37

Automated Test Results

ignored