wordpress-6.5.2-1.fc39
Upstream annoucement: WordPress 6.5.2 Maintenance and Security Release
Security updates included in this release
A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.
Upstream announcement: WordPress 6.5 “Regina”
wordpress-6.5.2-1.fc40
Upstream annoucement: WordPress 6.5.2 Maintenance and Security Release
Security updates included in this release
A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.
Upstream announcement: WordPress 6.5 “Regina”
wordpress-6.5.2-1.el9
Upstream annoucement: WordPress 6.5.2 Maintenance and Security Release
Security updates included in this release
A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.
Upstream announcement: WordPress 6.5 “Regina”
wordpress-6.4.4-1.fc38
WordPress 6.4.4 Security Release
Security updates included in this release
A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by John Blackbourn of the WordPress security team. Many thanks to Mat Rollings for assisting with the research.
A WiCyS report detailed the causes of disparities in the experiences of women working in cybersecurity compared to men, including respect and exclusion
USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was
discovered that the fix did not fully address the issue. This update
removes the setgid permission bit from the wall and write utilities.
Original advisory details:
Skyler Ferrante discovered that the util-linux wall command did not filter
escape sequences from command line arguments. A local attacker could
possibly use this issue to obtain sensitive information.
A flaw in the Rust standard library exposes Windows systems to command injection attacks
The DoJ says it has seized $1.4bn and charged 3500 defendants in COVID fraud cases since 2021
Last week I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here’s the longer version.
April’s Patch Tuesday saw fixes for 150 CVEs, including two being actively exploited in the wild
