Date: Mon, 27 Apr 2015 21:34:28 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com, nacin@...dpress.org, Assign a CVE Identifier <cve-assign@...re.org> Subject: Re: WordPress 4.2.1 security update - CVE please Hi, On Mon, Apr 27, 2015 at 09:29:01PM +0200, Alessandro Ghedini wrote: > On Mon, Apr 27, 2015 at 09:08:44PM +0200, Salvatore Bonaccorso wrote: > > Hi Kurt, > > > > On Mon, Apr 27, 2015 at 12:47:58PM -0600, Kurt Seifried wrote: > > > http://codex.wordpress.org/Version_4.2.1 > > > > > > Version 4.2.1 addressed a security issue. For more information, see the > > > release notes. > > > > > > From the announcement post, WordPress 4.2.1 fixes a critical cross-site > > > scripting (XSS) vulnerability, which could enable commenters to > > > compromise a site. > > > > Had requested CVEs for this in > > http://www.openwall.com/lists/oss-security/2015/04/26/2 . > > Note that this and your request are about two different wordpress releases (at > first I got confused too by the version numbers, 4.1.2 != 4.2.1). Yes you right, sorry for the confusion (I mixed up 4.1.2 and 4.2.1). Thanks for the correction. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ