Date: Mon, 27 Apr 2015 21:08:44 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: nacin@...dpress.org, Assign a CVE Identifier <cve-assign@...re.org>
Subject: Re: WordPress 4.2.1 security update - CVE please

Hi Kurt,

On Mon, Apr 27, 2015 at 12:47:58PM -0600, Kurt Seifried wrote:
> http://codex.wordpress.org/Version_4.2.1
> 
> Version 4.2.1 addressed a security issue. For more information, see the
> release notes.
> 
> From the announcement post, WordPress 4.2.1 fixes a critical cross-site
> scripting (XSS) vulnerability, which could enable commenters to
> compromise a site.

Had requested CVEs for this in
http://www.openwall.com/lists/oss-security/2015/04/26/2 .

But there is also a different stored XSS reported at
http://klikki.fi/adv/wordpress2.html which also seems to affect the
latest WordPress versions (not verified myself).

Regards,
Salvatore
