Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 11 Sep 2013 17:28:26 -0400
From: Andrew Nacin <>
To: Open Source Security <>
Subject: CVE Requests for WordPress 3.6.1

Three issues fixed in WordPress 3.6.1:

 * Unsafe PHP unserialization. CWE-502.

 * Open Redirect / Insufficient Input Validation. CWE-601. and

 * Privilege Escalation: a user with an Author role, using a specially
crafted request, was able to create a post that was marked as "written by"
another user.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.