oss-security - Re: CVE-request: WordPress 3.1.1

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Thu, 19 Apr 2012 10:43:23 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: Kurt Seifried <kseifried@...hat.com>,
	Hanno Böck <hanno@...eck.de>,
	Yves-Alexis Perez <corsac@...ian.org>
Subject: Re: CVE-request: WordPress 3.1.1

On Tue, Apr 17, 2012 at 11:10:27PM -0600, Kurt Seifried wrote:
> Can you make a clean list of security issues and the versions
> affected? Thanks.

Two issues in 3.1.1 are without 2011 CVE-identifiers, which are announced in here: http://wordpress.org/news/2011/04/wordpress-3-1-1/ (April 5, 2011).

Issue #1:

http://osvdb.org/show/osvdb/72141
http://secunia.com/advisories/44038/

"Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site."

Issue #2:

http://osvdb.org/show/osvdb/72142
http://secunia.com/advisories/44038/

"The "make_clickable()" function in wp-includes/formatting.php does not properly check the URL length in comments before passing it to the PCRE library, which can be exploited to cause a crash."

Both vulnerabilities are reported in versions prior to 3.1.1.

- Henri Salo

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.