Updated wordpress package fixes security vulnerabilities
Publication date: 27 Jul 2015Modification date: 27 Jul 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-5622 , CVE-2015-5623
Description
WordPress versions 4.2.2 and earlier are affected by a cross-site
scripting vulnerability, which could allow users with the Contributor or
Author role to compromise a site (CVE-2015-5622).
WordPress versions 4.2.2 and earlier are affected by an issue where it was
possible for a user with Subscriber permissions to create a draft through
Quick Draft (CVE-2015-5623).
References
- https://bugs.mageia.org/show_bug.cgi?id=16457
- http://codex.wordpress.org/Version_3.9.7
- https://wordpress.org/news/2015/07/wordpress-4-2-3/
- http://openwall.com/lists/oss-security/2015/07/23/18
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
SRPMS
4/core
- wordpress-3.9.7-1.mga4