[SECURITY-L] WordPress 4.6.1 Security and Maintenance Release
CSIRT Unicamp
security em unicamp.br
Qui Set 8 09:17:31 -03 2016
WordPress 4.6.1 is now available. This is a security release for all
previous versions and we strongly encourage you to update your sites
immediately.
WordPress versions 4.6 and earlier are affected by two security issues:
a cross-site scripting vulnerability via image filename, reported by
SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability
in the upgrade package uploader, reported by Dominik Schilling from the
WordPress security team.
Thank you to the reporters for practicing responsible disclosure.
In addition to the security issues above, WordPress 4.6.1 fixes 15 bugs
from 4.6. For more information, see the release notes or consult the
list of changes.
Download WordPress 4.6.1 or venture over to Dashboard → Updates and
simply click “Update Now.” Sites that support automatic background
updates are already beginning to update to WordPress 4.6.1.
Font:
https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
Mais detalhes sobre a lista de discussão SECURITY-L