Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 4 Aug 2015 15:30:51 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can I get CVE for WordPress 4.2.3 and earlier multiple vulnerabilities, thank
you.

https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/

"""
WordPress 4.2.4 is now available. This is a security release for all previous
versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting
vulnerabilities and a potential SQL injection that could be used to compromise a
site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí
of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov.
It also includes a fix for a potential timing side-channel attack, discovered by
Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post
from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security
issues.
"""

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJVwLB6AAoJECet96ROqnV0V1IQAKmanHr9m+zYZI9R+DOpkkFP
NDgBMY1O12421mIWPTChCVKSMji952e/5Om7iyHONhMvGfWGkkPSTC6vN16rIxuC
Z6H+PR7dFwOX7l2aJmYmI6lz06ZsqAo2d4rtmse5tl1/Ty4HOrd0Lz206fvdTGqH
LyaDH3gvhuRdc/P7peG+JqK5/uYgTPoOf3Hd+xHQurxMqQ1HEwG/ewJxfeUJV7LX
ewYnOPqvPpR9mHk/NbxlBDavsdBPxdWanezSW9IvsADYSnI3OuHIcbJpYFLPjW7E
AoCeKXI+B2puWKk2EHyfdr91NevNj2FKBokWvX8ml9OStMtNH1FIp2Uhl6r+O8Os
lKT/4CWrdlMCytn/OTqFrU/tGmnwfSVaKBcJfYQvblR4vBRdgZ/mI3uOpdUBFLxu
4BoeCs4M/RQF/ru6eHIUctMzW/thM9HjJd/MZEohEpeOKdnWUltVJGtn6uuxYVVl
RD+nijSSlRDeM9laWqE4pn4VZXlhbUDcwawfXkw0IeXExb8UPecQBO/JCcm9y42l
a4vVhXMBW36NTTLnuABxq3oV86wjv0dl2kRYgVLWuQpyS05S0VRH5OFWu1gqVjtA
EpmjcEGPGMnCGIpXfKYhjO1fxd9UfFxJCAGu/jL27J+TACgPkMuAU3UVQ+fgN1oj
NW+JulbdyBPOVtZRf1tH
=hNdU
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ