Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 02 Jul 2012 15:24:17 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
        security@...dpress.org, "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE #'s for WordPress 3.4.1 release

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://codex.wordpress.org/Version_3.4.1

Lists several security issues as corrected:

- -Privilege Escalation/XSS. Critical. Administrators and editors in
multisite were accidentally allowed to use unfiltered_html for 3.4.0.
- -CSRF. Additional CSRF protection in the customizer.
- -Information Disclosure: Disclosure of post contents to authors and
contributors (such as private or draft posts).
- -Hardening: Deprecate wp_explain_nonce(), which could reveal
unnecessary information.
- -Hardening: Require a child theme to be activated with its intended
parent only.

Have CVE #'s been assigned for these issues?



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP8hGBAAoJEBYNRVNeJnmTFeYQALr3NJwGigRW2vPW66LpPiP0
1qZz5hj4uKV9W/KSr3QRXQ8+txfqXNypnbXbLtvqtxIkIXnF2MLL6u7hi39JZph6
Vx/Tn2Fzk3ec1uQj3lUi9Cx4/bcl8TXp+Z4Q7Rq9g1WJH21UzZ2PTDnaX9Losy7Y
6w1LYjVoNTuEjtYfGPMQJl+LoQdKf0UHAEugVonDjHzxr9gBbvfcQds4zEBv46pZ
BVrInfn5SPRxaFAVIAWu3yzMyblTMjssJ969HzLcMaPzMrrD/GNFKNu/lameKIoj
ynAe2+wxCwhhZ+aoXTIMDut+f5L879kMWcQIBYAtXPOsrCHtlMmKkcu3ewKtWbwx
gGPShan0k/CZBrCn7MITe2QO33j/YpgqI7SYg7TAgHFlxqHQBc0TqX7h6ij0WMMD
6RCpnn0eO1HwbwmWSigLgTKzNcRkTJrA0R7Qo772DVevnyK9Nqs/LvGrJLQ2+IkX
0JPkDQf4dTGgOQlElESCbyZ0DTEATsjIvu9WdUlIgIPdvdsZPPk7uSfFs5bIo5bA
4LwE9zNdfpUfedhF4VmNO+tJA3+DhA7iFfrz7GVAAXdhMseBhyWiuemphAaFkxEc
oMKV0nudnkWAuv5LVDeCkqDqpjskTAPSyva4k/91KAgtouYxNhtQD7dbFLR2cZdx
c2YAM+D7Xq65Ik9rRsg1
=2Zdu
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ