Date: Tue, 4 Aug 2015 15:30:51 +0300 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can I get CVE for WordPress 4.2.3 and earlier multiple vulnerabilities, thank you. https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ """ WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset. Our thanks to those who have practiced responsible disclosure of security issues. """ - -- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJVwLB6AAoJECet96ROqnV0V1IQAKmanHr9m+zYZI9R+DOpkkFP NDgBMY1O12421mIWPTChCVKSMji952e/5Om7iyHONhMvGfWGkkPSTC6vN16rIxuC Z6H+PR7dFwOX7l2aJmYmI6lz06ZsqAo2d4rtmse5tl1/Ty4HOrd0Lz206fvdTGqH LyaDH3gvhuRdc/P7peG+JqK5/uYgTPoOf3Hd+xHQurxMqQ1HEwG/ewJxfeUJV7LX ewYnOPqvPpR9mHk/NbxlBDavsdBPxdWanezSW9IvsADYSnI3OuHIcbJpYFLPjW7E AoCeKXI+B2puWKk2EHyfdr91NevNj2FKBokWvX8ml9OStMtNH1FIp2Uhl6r+O8Os lKT/4CWrdlMCytn/OTqFrU/tGmnwfSVaKBcJfYQvblR4vBRdgZ/mI3uOpdUBFLxu 4BoeCs4M/RQF/ru6eHIUctMzW/thM9HjJd/MZEohEpeOKdnWUltVJGtn6uuxYVVl RD+nijSSlRDeM9laWqE4pn4VZXlhbUDcwawfXkw0IeXExb8UPecQBO/JCcm9y42l a4vVhXMBW36NTTLnuABxq3oV86wjv0dl2kRYgVLWuQpyS05S0VRH5OFWu1gqVjtA EpmjcEGPGMnCGIpXfKYhjO1fxd9UfFxJCAGu/jL27J+TACgPkMuAU3UVQ+fgN1oj NW+JulbdyBPOVtZRf1tH =hNdU -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.