Message-ID: <20150205175347.GF20715@kludge.henri.nerv.fi>
Date: Thu, 5 Feb 2015 19:53:47 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE request for Zero-day in the Fancybox-for-WordPress Plugin
On Thu, Feb 05, 2015 at 11:52:19AM -0500, cve-assign@...re.org wrote:
> Use CVE-2015-1494.
Please note they released 3.0.4 to mitigate the problem in case someone updates,
but does not remove malicious code. This is unusual from WordPress plugin
authors. I am very happy to see improvement.
3.0.4
Renamed the setting affected by the security issue mentioned in 3.0.3. This
should stop the malicious code from appearing on sites where the plugin is
updated without removing the malicious code.
--
Henri Salo