FEDORA-EPEL-2019-be9b8a3985 created by remi a month ago for Fedora EPEL 6
stable

WordPress 5.1.3 Security Release

Security Updates

  • Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
  • Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
  • Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
  • Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
  • Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
  • Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.
This update has been submitted for testing by remi. a month ago
This update's test gating status has been changed to 'waiting'. a month ago
This update's test gating status has been changed to 'ignored'. a month ago
This update has been pushed to testing. a month ago
This update can be pushed to stable now if the maintainer wishes 15 days ago
This update has been submitted for stable by bodhi. 15 days ago
This update has been pushed to stable. 15 days ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
a month ago
in testing
a month ago
in stable
15 days ago

Automated Test Results