From WordPress upstream v3.5.1 advisory [1]: * A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue. References: [1] http://wordpress.org/news/2013/01/wordpress-3-5-1/ [2] http://www.openwall.com/lists/oss-security/2013/01/25/7
This issue affects the versions of the wordpress package, as shipped with Fedora release of 16, 17, and 18. Please schedule an update. -- This issue affect the versions of the wordpress package, as shipped with Fedora EPEL 5 and Fedora EPEL 6. Please schedule an update.
Created wordpress tracking bugs for this issue Affects: fedora-all [bug 904124] Affects: epel-all [bug 904125]
The CVE identifier of CVE-2013-0237 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2013/01/29/7
Other references: https://github.com/moxiecode/plupload/commit/2d746ee http://lcamtuf.blogspot.se/2011/03/other-reason-to-beware-of.html
wordpress-3.5.1-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-3.5.1-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-3.5.1-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
wordpress-3.5.1-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.