Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 Nov 2014 14:56:33 -0500
From: Andrew Nacin <nacin@...dpress.org>
To: Kurt Seifried <kseifried@...hat.com>
Cc: Open Source Security <oss-security@...ts.openwall.com>
Subject: Re: WordPress 4.0.1 Security Release

On Tue, Nov 25, 2014 at 1:32 PM, Andrew Nacin <nacin@...dpress.org> wrote:

>  *  Previously an email address change would not invalidate a previous
> password reset email.  Affected versions <= 4.0 (except >= 3.8.5 / 3.7.5 /
> 3.9.3). WordPress now invalidates this if the user remembers their
> password, logs in, and changes their email address. Affected
>

Editing error. Last bullet should have read:

* Previously an email address change would not invalidate a previous
password reset email.  Affected versions <= 4.0 (except >= 3.8.5 / 3.7.5 /
3.9.3). WordPress now invalidates this if the user remembers their
password, logs in, and changes their email address. Reported by Momen
Bassel, Tanoy Bose, and Bojan Slavković.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.