Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 27 Apr 2015 21:34:28 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com, nacin@...dpress.org,
	Assign a CVE Identifier <cve-assign@...re.org>
Subject: Re: WordPress 4.2.1 security  update - CVE please

Hi,

On Mon, Apr 27, 2015 at 09:29:01PM +0200, Alessandro Ghedini wrote:
> On Mon, Apr 27, 2015 at 09:08:44PM +0200, Salvatore Bonaccorso wrote:
> > Hi Kurt,
> > 
> > On Mon, Apr 27, 2015 at 12:47:58PM -0600, Kurt Seifried wrote:
> > > http://codex.wordpress.org/Version_4.2.1
> > > 
> > > Version 4.2.1 addressed a security issue.	For more information, see the
> > > release notes.
> > > 
> > > From the announcement post, WordPress 4.2.1 fixes a critical cross-site
> > > scripting (XSS) vulnerability, which could enable commenters to
> > > compromise a site.
> > 
> > Had requested CVEs for this in
> > http://www.openwall.com/lists/oss-security/2015/04/26/2 .
> 
> Note that this and your request are about two different wordpress releases (at
> first I got confused too by the version numbers, 4.1.2 != 4.2.1).

Yes you right, sorry for the confusion (I mixed up 4.1.2 and 4.2.1).

Thanks for the correction.

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ