author | morr <morr@pkgsrc.org> | 2013-06-24 16:13:21 +0000 |
---|---|---|
committer | morr <morr@pkgsrc.org> | 2013-06-24 16:13:21 +0000 |
commit | d8f2d8a0e5b663bb974780d0a32c786c093faebe (patch) | |
tree | 5f1b4067233576bce7d531370f1fbfcc157ec553 /x11/libXft | |
parent | 22fb2ffed9b7847096102b4b2c70bee4c86abf1d (diff) | |
download | pkgsrc-d8f2d8a0e5b663bb974780d0a32c786c093faebe.tar.gz |
Security update to version 3.5.2.
Fixed issues:
* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.
* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
Diffstat (limited to 'x11/libXft')
0 files changed, 0 insertions, 0 deletions