oss-sec mailing list archives
Re: WordPress 4.2.1 security update - CVE please
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 27 Apr 2015 21:34:28 +0200
Hi, On Mon, Apr 27, 2015 at 09:29:01PM +0200, Alessandro Ghedini wrote:
On Mon, Apr 27, 2015 at 09:08:44PM +0200, Salvatore Bonaccorso wrote:Hi Kurt, On Mon, Apr 27, 2015 at 12:47:58PM -0600, Kurt Seifried wrote:http://codex.wordpress.org/Version_4.2.1 Version 4.2.1 addressed a security issue. For more information, see the release notes. From the announcement post, WordPress 4.2.1 fixes a critical cross-site scripting (XSS) vulnerability, which could enable commenters to compromise a site.Had requested CVEs for this in http://www.openwall.com/lists/oss-security/2015/04/26/2 .Note that this and your request are about two different wordpress releases (at first I got confused too by the version numbers, 4.1.2 != 4.2.1).
Yes you right, sorry for the confusion (I mixed up 4.1.2 and 4.2.1). Thanks for the correction. Regards, Salvatore
Current thread:
- WordPress 4.2.1 security update - CVE please Kurt Seifried (Apr 27)
- Re: WordPress 4.2.1 security update - CVE please Salvatore Bonaccorso (Apr 27)
- Re: WordPress 4.2.1 security update - CVE please Alessandro Ghedini (Apr 27)
- Re: WordPress 4.2.1 security update - CVE please Salvatore Bonaccorso (Apr 27)
- Re: WordPress 4.2.1 security update - CVE please Alessandro Ghedini (Apr 27)
- Re: WordPress 4.2.1 security update - CVE please Salvatore Bonaccorso (Apr 27)