Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 27 Apr 2015 21:08:44 +0200
From: Salvatore Bonaccorso <>
Cc:, Assign a CVE Identifier <>
Subject: Re: WordPress 4.2.1 security  update - CVE please

Hi Kurt,

On Mon, Apr 27, 2015 at 12:47:58PM -0600, Kurt Seifried wrote:
> Version 4.2.1 addressed a security issue.	For more information, see the
> release notes.
> From the announcement post, WordPress 4.2.1 fixes a critical cross-site
> scripting (XSS) vulnerability, which could enable commenters to
> compromise a site.

Had requested CVEs for this in .

But there is as well a different stored XSS reported which seems to affect as well the
latest wordpress versions (not verified myself).


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ