Message-ID: <CABRvpqDtYFbjbFNby6kCQnMz_8WtwZqE5t9LFBAKGTgTRPjaBQ@mail.gmail.com>
Date: Tue, 25 Nov 2014 14:56:33 -0500
From: Andrew Nacin <nacin@...dpress.org>
To: Kurt Seifried <kseifried@...hat.com>
Cc: Open Source Security <oss-security@...ts.openwall.com>
Subject: Re: WordPress 4.0.1 Security Release

On Tue, Nov 25, 2014 at 1:32 PM, Andrew Nacin <nacin@...dpress.org> wrote:

> * Previously an email address change would not invalidate a previous
> password reset email. Affected versions <= 4.0 (except >= 3.8.5 / 3.7.5 /
> 3.9.3). WordPress now invalidates this if the user remembers their
> password, logs in, and changes their email address. Affected
>

Editing error. Last bullet should have read:

* Previously an email address change would not invalidate a previous
password reset email. Affected versions <= 4.0 (except >= 3.8.5 / 3.7.5 /
3.9.3). WordPress now invalidates this if the user remembers their
password, logs in, and changes their email address. Reported by Momen
Bassel, Tanoy Bose, and Bojan Slavković.