oss-sec mailing list archives
CVE #'s for WordPress 3.4.1 release
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 02 Jul 2012 15:24:17 -0600
http://codex.wordpress.org/Version_3.4.1

Lists several security issues as corrected:

- Privilege Escalation/XSS. Critical. Administrators and editors in multisite were accidentally allowed to use unfiltered_html for 3.4.0.
- CSRF. Additional CSRF protection in the customizer.
- Information Disclosure: Disclosure of post contents to authors and contributors (such as private or draft posts).
- Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.
- Hardening: Require a child theme to be activated with its intended parent only.

Have CVE #'s been assigned for these issues?

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993