diff options
author | morr <morr@pkgsrc.org> | 2014-11-24 19:08:53 +0000 |
---|---|---|
committer | morr <morr@pkgsrc.org> | 2014-11-24 19:08:53 +0000 |
commit | 126ed5c631c0fde4b14112726e4e094dbda58427 (patch) | |
tree | 037dc58df74d1db3dec044c9603f59e35f0b43cb /time/hebcal | |
parent | 72cbb70b6d9ee23952ba1890e8073a429cdba681 (diff) | |
download | pkgsrc-126ed5c631c0fde4b14112726e4e094dbda58427.tar.gz |
Security update to 4.0.1.
Changes:
- Three cross-site scripting issues that a contributor or author could use to
compromise a site.
- A cross-site request forgery that could be used to trick a user into changing
their password.
- An issue that could lead to a denial of service when passwords are checked.
- Additional protections for server-side request forgery attacks when WordPress
makes HTTP requests.
- An extremely unlikely hash collision could allow a user’s account to be
compromised, that also required that they haven’t logged in since 2008 (I
wish I were kidding).
- WordPress now invalidates the links in a password reset email if the user
remembers their password, logs in, and changes their email address.
More details on http://codex.wordpress.org/Version_4.0.1.
Diffstat (limited to 'time/hebcal')
0 files changed, 0 insertions, 0 deletions