Date: Thu, 23 Jun 2016 14:55:12 -0400 (EDT)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Requests: WordPress: 4.5.3 maintenance and security release: several issues

> https://wordpress.org/news/2016/06/wordpress-4-5-3/

> - redirect bypass in the customizer, reported by Yassine Aboukir;

Use CVE-2016-5832.

> - XSS problem via attachment name reported by Jouko Pynnonen

Use CVE-2016-5833.

> - XSS problem via attachment name reported by Divyesh Prajapati

Use CVE-2016-5834.

> - revision history information disclosure, reported independently by
> John Blackbourn from the WordPress security team and by Dan Moen from
> the Wordfence Research Team;

Use CVE-2016-5835 (for both reports).

> - oEmbed denial of service reported by Jennifer Dodd from Automattic;

Use CVE-2016-5836.

> - unauthorized category removal from a post, reported by David Herrera
> from Alley Interactive;

Use CVE-2016-5837.

> - password change via stolen cookie, reported by Michael Adams from the
> WordPress security team;

Use CVE-2016-5838.

> - and some less secure sanitize_file_name edge cases reported by Peter
> Westwood of the WordPress security team.

Use CVE-2016-5839.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]