oss-sec mailing list archives

CVEs for wordpress 3.4.2 release

From: Hanno Boeck <hanno () hboeck de>
Date: Wed, 12 Sep 2012 13:38:14 +0300

I can't find CVEs assigend for the issues fixed in wordpress 3.4.2.

http://wordpress.org/news/2012/09/wordpress-3-4-2/


Sadly, the information is quite limited:
"Version 3.4.2 also fixes a few security issues and contains some
security hardening. The vulnerabilities included potential privilege
escalation and a bug that affects multisite installs with untrusted
users. These issues were discovered and fixed by the WordPress security
team."

I suggest assigning two:
1. potential privilege escalation
2. problem with untrusted users on multisite installations
unless someone has more information.

Current thread:

CVEs for wordpress 3.4.2 release Hanno Boeck (Sep 12)
- Re: CVEs for wordpress 3.4.2 release Kurt Seifried (Sep 12)
  - Re: CVEs for wordpress 3.4.2 release Andrew Nacin (Sep 12)
    - Re: CVEs for wordpress 3.4.2 release Kurt Seifried (Sep 13)
- Re: CVEs for wordpress 3.4.2 release Yves-Alexis Perez (Sep 13)
  - Re: CVEs for wordpress 3.4.2 release Kurt Seifried (Sep 13)