Debian Security Advisory

DLA-1096-1 wordpress-shibboleth -- LTS security update

Date Reported:

13 Sep 2017

Affected Packages:

wordpress-shibboleth

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-14313.

More information:

It was discovered that there was a an XSS vulnerability in the login form of the Shibboleth identity provider module for Wordpress.

For Debian 7 Wheezy, this issue has been fixed in wordpress-shibboleth version 1.4-2+deb7u1.

We recommend that you upgrade your wordpress-shibboleth packages.