This bug is fixed with the following updates: 1.4-2+deb8u1build0.17.04.2 zesty-security 1.4-2+deb8u1build0.16.04.2 xenial-security 1.4-2+deb8u1build0.14.04.2 trusty-security
** Changed in: wordpress-shibboleth (Ubuntu Trusty) Status: In Progress => Fix Released ** Changed in: wordpress-shibboleth (Ubuntu Xenial) Status: In Progress => Fix Released ** Changed in: wordpress-shibboleth (Ubuntu Zesty) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1718571 Title: [CVE] XSS security flaw due to add_query_arg Status in wordpress-shibboleth package in Ubuntu: Fix Released Status in wordpress-shibboleth source package in Trusty: Fix Released Status in wordpress-shibboleth source package in Xenial: Fix Released Status in wordpress-shibboleth source package in Zesty: Fix Released Status in wordpress-shibboleth source package in Artful: Fix Released Bug description: The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg(). This has been fixed upstream here: https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wordpress-shibboleth/+bug/1718571/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp