group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1718571] Re: [CVE] XSS security flaw due to add_query_arg

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
Date: Thu, 12 Oct 2017 19:22:05 -0000
Reply-to: Bug 1718571 <1718571@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug is fixed with the following updates:
1.4-2+deb8u1build0.17.04.2 zesty-security
1.4-2+deb8u1build0.16.04.2 xenial-security
1.4-2+deb8u1build0.14.04.2 trusty-security

** Changed in: wordpress-shibboleth (Ubuntu Trusty)
       Status: In Progress => Fix Released

** Changed in: wordpress-shibboleth (Ubuntu Xenial)
       Status: In Progress => Fix Released

** Changed in: wordpress-shibboleth (Ubuntu Zesty)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1718571

Title:
  [CVE] XSS security flaw due to add_query_arg

Status in wordpress-shibboleth package in Ubuntu:
  Fix Released
Status in wordpress-shibboleth source package in Trusty:
  Fix Released
Status in wordpress-shibboleth source package in Xenial:
  Fix Released
Status in wordpress-shibboleth source package in Zesty:
  Fix Released
Status in wordpress-shibboleth source package in Artful:
  Fix Released

Bug description:
  The shibboleth_login_form function in shibboleth.php in the Shibboleth
  plugin before 1.8 for WordPress is prone to an XSS vulnerability due
  to improper use of add_query_arg().

  This has been fixed upstream here:
  https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wordpress-shibboleth/+bug/1718571/+subscriptions