|
|
Subscribe / Log in / New account

Debian alert DLA-1096-1 (wordpress-shibboleth)



From:
    	      Chris Lamb <lamby@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 1096-1] wordpress-shibboleth security update 


Date:
    	      Wed, 13 Sep 2017 18:51:10 +0100


Message-ID:
    	      <1505325070.781376.1105053384.35EA8842@webmail.messagingengine.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : wordpress-shibboleth
Version        : 1.4-2+deb7u1
CVE ID         : CVE-2017-14313
Debian Bug     : #874416

It was discovered that there was a an XSS vulnerability in the login form of
the "Shibboleth" identity provider module for Wordpress.

For Debian 7 "Wheezy", this issue has been fixed in wordpress-shibboleth version
1.4-2+deb7u1.

We recommend that you upgrade your wordpress-shibboleth packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlm5b/4ACgkQHpU+J9Qx
HljAhRAAnd7IGzO6bE1HvD3GIAy3kVRx0b7EZl5j4l4jlcKSW4vEHXdSddAEE3Ut
Z7UjVpPzyxwhzSO0+SWn8CEBQP5uQWSowBe+LgQx2VuS+zUJQCF1xLfkAXfgEdcD
juqgdsQwiS1SSX1em09DayvPnlVIMBNVTTlG9ijKMgbFqo5nmk4O+PBhnAAP6hCH
lBBXOr4X8l52UA/T02QzGYlHLGGo5H4n09tyDnN446Pok5j68WyOwNm8zkY/uazj
/+7JlJ1D70mzBBmylzt8EHTmyrOF8oJ18sgol/qLGXwZfBlGkpVajCAWgEMMhfDT
bNbKGtNdQplXubraAP+nQCbmOWXICE+Y0DYbKOkBTosdIQpVGrBYAt5/vYdHvQ+k
n/aTnPdIPQ+9KxbvejHkTMJyztjQh07s31OV2z0Fa1GPgV6+iGm9eVuRQGx5S9zF
QVV60XPTS0Qlt4bG3iYknFNOLNzZGuaJR+fJ3CRi/Wkf7HTx4TGrsiaF2yHLk5gi
Ca2DfsAOHUz/0vUIEB/CvGEDrYaEye/naSm1h1fbl6QP3/ogt88NzRMnMuKHox/Z
ZE9GzakiwPgzRJb2G79cJ1GRpRz65ymy0LXNcH8DH7OnNPY0Ow/ZQgpChZx+yCRY
sHNv2xt1IyIpVUUSUMuKbn8NTaroGFAksw8EagP7eIAc3YbGA2Q=
=evdK
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds