Date: Thu, 4 Feb 2016 17:33:18 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: CVE Request: WordPress: New 4.4.2 security and maintenance release: SSRF and open redirect vulnerability Hi A new security and maintanance release for WordPress was announced, which addresses two security issues: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/ According to the announcement: > WordPress versions 4.4.1 and earlier are affected by two security > issues: a possible SSRF for certain local URIs, reported by Ronni > Skansing; and an open redirection attack, reported by Shailesh > Suthar. Could two CVEs be assigned for the repspective issues? References: https://core.trac.wordpress.org/changeset/36444 https://core.trac.wordpress.org/changeset/36435 Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ