Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 4 Aug 2015 15:30:51 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can I get CVE for WordPress 4.2.3 and earlier multiple vulnerabilities, thank
you.

https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/

"""
WordPress 4.2.4 is now available. This is a security release for all previous
versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting
vulnerabilities and a potential SQL injection that could be used to compromise a
site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí
of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov.
It also includes a fix for a potential timing side-channel attack, discovered by
Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post
from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security
issues.
"""

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJVwLB6AAoJECet96ROqnV0V1IQAKmanHr9m+zYZI9R+DOpkkFP
NDgBMY1O12421mIWPTChCVKSMji952e/5Om7iyHONhMvGfWGkkPSTC6vN16rIxuC
Z6H+PR7dFwOX7l2aJmYmI6lz06ZsqAo2d4rtmse5tl1/Ty4HOrd0Lz206fvdTGqH
LyaDH3gvhuRdc/P7peG+JqK5/uYgTPoOf3Hd+xHQurxMqQ1HEwG/ewJxfeUJV7LX
ewYnOPqvPpR9mHk/NbxlBDavsdBPxdWanezSW9IvsADYSnI3OuHIcbJpYFLPjW7E
AoCeKXI+B2puWKk2EHyfdr91NevNj2FKBokWvX8ml9OStMtNH1FIp2Uhl6r+O8Os
lKT/4CWrdlMCytn/OTqFrU/tGmnwfSVaKBcJfYQvblR4vBRdgZ/mI3uOpdUBFLxu
4BoeCs4M/RQF/ru6eHIUctMzW/thM9HjJd/MZEohEpeOKdnWUltVJGtn6uuxYVVl
RD+nijSSlRDeM9laWqE4pn4VZXlhbUDcwawfXkw0IeXExb8UPecQBO/JCcm9y42l
a4vVhXMBW36NTTLnuABxq3oV86wjv0dl2kRYgVLWuQpyS05S0VRH5OFWu1gqVjtA
EpmjcEGPGMnCGIpXfKYhjO1fxd9UfFxJCAGu/jL27J+TACgPkMuAU3UVQ+fgN1oj
NW+JulbdyBPOVtZRf1tH
=hNdU
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.