Possible CVE Request: Wordpress 4.1.2 security release

[Salvatore Bonaccorso <carnil () debian org>]

Hi

I have not seen a request for CVEs for the issues fixed in the recent
WordPress security release:

https://wordpress.org/news/2015/04/wordpress-4-1-2/

> WordPress 4.1.2 is now available. This is a critical security release
> for all previous versions and we strongly encourage you to update your
> sites immediately.
>
> WordPress versions 4.1.1 and earlier are affected by a critical cross-
> site scripting vulnerability, which could enable anonymous users to
> compromise a site. This was reported by Cedric Van Bockhaven and fixed
> by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress
> security team.
>
> We also fixed three other security issues:
>
>  * In WordPress 4.1 and higher, files with invalid or unsafe names
>    could be uploaded. Discovered by Michael Kapfer and Sebastian
>    Kraemer of HSASec.
>  * In WordPress 3.9 and higher, a very limited cross-site scripting
>    vulnerability could be used as part of a social engineering attack.
>    Discovered by Jakub Zoczek.
>  * Some plugins were vulnerable to an SQL injection vulnerability.
>    Discovered by Ben Bidner of the WordPress security team.
>
> We also made four hardening changes, discovered by J.D. Grimes, Divyesh
> Prajapati, Allan Collins, Marc-Alexandre Montpas and Jeff Bowen.
>
> We appreciated the responsible disclosure of these issues directly to
> our security team. For more information, see the release notes or
> consult the list of changes.

Could you please assign CVEs to identify the issues fixed by the
latest WordPress release?

Regards,
Salvatore