Date: Fri,  8 Jan 2016 10:38:37 -0500 (EST)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: WordPress: cross-site scripting vulnerability fixed in new 4.4.1 release

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
> 
>> WordPress versions 4.4 and earlier are affected by a cross-site
>> scripting vulnerability that could allow a site to be compromised.
>> This was reported by Crtc4L.
> 
> There is no reference to the fix, but the change seems to be
> 
> https://core.trac.wordpress.org/changeset/36185
> 
> Cf. as well https://twitter.com/brutelogic/status/685105483397619713

Use CVE-2016-1564. This ID applies to the entirety of changeset/36185
(for example, we do not know whether the change involving
$this->stylesheet corresponds to a separate discovery).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
