group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1718571] Re: [CVE] XSS security flaw due to add_query_arg

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Simon Quigley <tsimonq2@xxxxxxxxxx>
Date: Sat, 30 Sep 2017 19:57:28 -0000
Reply-to: Bug 1718571 <1718571@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: wordpress-shibboleth (Ubuntu Artful)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1718571

Title:
  [CVE] XSS security flaw due to add_query_arg

Status in wordpress-shibboleth package in Ubuntu:
  Fix Released
Status in wordpress-shibboleth source package in Trusty:
  In Progress
Status in wordpress-shibboleth source package in Xenial:
  In Progress
Status in wordpress-shibboleth source package in Zesty:
  In Progress
Status in wordpress-shibboleth source package in Artful:
  Fix Released

Bug description:
  The shibboleth_login_form function in shibboleth.php in the Shibboleth
  plugin before 1.8 for WordPress is prone to an XSS vulnerability due
  to improper use of add_query_arg().

  This has been fixed upstream here:
  https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wordpress-shibboleth/+bug/1718571/+subscriptions