This bug is fixed with the following updates:
1.4-2+deb8u1build0.17.04.2 zesty-security
1.4-2+deb8u1build0.16.04.2 xenial-security
1.4-2+deb8u1build0.14.04.2 trusty-security
** Changed in: wordpress-shibboleth (Ubuntu Trusty)
Status: In Progress => Fix Released
** Changed in: wordpress-shibboleth (Ubuntu Xenial)
Status: In Progress => Fix Released
** Changed in: wordpress-shibboleth (Ubuntu Zesty)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1718571
Title:
[CVE] XSS security flaw due to add_query_arg
Status in wordpress-shibboleth package in Ubuntu:
Fix Released
Status in wordpress-shibboleth source package in Trusty:
Fix Released
Status in wordpress-shibboleth source package in Xenial:
Fix Released
Status in wordpress-shibboleth source package in Zesty:
Fix Released
Status in wordpress-shibboleth source package in Artful:
Fix Released
Bug description:
The shibboleth_login_form function in shibboleth.php in the Shibboleth
plugin before 1.8 for WordPress is prone to an XSS vulnerability due
to improper use of add_query_arg().
This has been fixed upstream here:
https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wordpress-shibboleth/+bug/1718571/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
