oss-sec mailing list archives
Re: CVE Requests for WordPress 3.6.1
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 11 Sep 2013 18:28:35 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/11/2013 03:28 PM, Andrew Nacin wrote:
> Three issues fixed in WordPress 3.6.1:
> http://codex.wordpress.org/Version_3.6.1
>
> * Unsafe PHP unserialization. CWE-502.
>   http://core.trac.wordpress.org/changeset/25325.

Please use CVE-2013-4338 for this issue.

> * Open Redirect / Insufficient Input Validation. CWE-601.
>   http://core.trac.wordpress.org/changeset/25323 and
>   http://core.trac.wordpress.org/changeset/25324.

Please use CVE-2013-4339 for this issue.

> * Privilege Escalation: a user with an Author role, using a specially
>   crafted request, was able to create a post that was marked as
>   "written by" another user.
>   http://core.trac.wordpress.org/changeset/25321.

Please use CVE-2013-4340 for this issue.

Perfect request =)

Thanks

- -- 
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
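The two input-handling classes named in the thread, CWE-502 (unsafe `unserialize()`) and CWE-601 (open redirect), are the kind of bug that recurs in any PHP application, so here is an added, self-contained example of defensive handling for both. This is constructed for this archive page; it is not WordPress code and not the fix in the linked changesets. The function names, the allowed-host list and the sample inputs are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed example: defensive patterns for CWE-502 (unsafe unserialize)
// and CWE-601 (open redirect). Function names and the allowed-host list are
// assumptions for this example; none of this is WordPress code.

// CWE-502: walk a decoded value and report whether any object is inside it.
// With allowed_classes => false, unserialize() turns every object in the
// payload into __PHP_Incomplete_Class, so "any object present" means the
// input tried to smuggle one in.
function contains_object($value): bool
{
    if (is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) {
                return true;
            }
        }
    }
    return false;
}

// Decode serialized data from an untrusted source while refusing objects.
// Returns the decoded scalars/arrays, or null when the input is malformed
// or carried an object (so the caller cannot confuse "rejected" with false).
function unserialize_untrusted(string $blob)
{
    // 'b:0;' is the one well-formed input whose legitimate value is false.
    if ($blob === 'b:0;') {
        return false;
    }
    // PHP >= 7.0: never instantiate classes from attacker-controlled bytes.
    $value = @unserialize($blob, ['allowed_classes' => false]);
    if ($value === false || contains_object($value)) {
        return null;
    }
    return $value;
}

// CWE-601: accept a redirect target only if it is a same-site path or an
// absolute http(s) URL whose host is on an explicit allow-list.
function safe_redirect_target(string $location, array $allowed_hosts, string $fallback): string
{
    $location = trim($location);
    // Control characters, whitespace and backslashes are rejected outright;
    // browsers turn "/\host" into "//host", which parse_url() does not see.
    if ($location === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $location)) {
        return $fallback;
    }
    $parts = parse_url($location);
    if ($parts === false) {
        return $fallback;
    }
    $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : null;
    $host   = isset($parts['host']) ? strtolower($parts['host']) : null;

    if ($scheme === null && $host === null) {
        // Relative target: require exactly one leading slash ("//host" is
        // scheme-relative and would already have produced a host above).
        return ($location[0] === '/' && ($location[1] ?? '') !== '/') ? $location : $fallback;
    }
    if ($scheme !== null && !in_array($scheme, ['http', 'https'], true)) {
        return $fallback;   // javascript:, data:, and other non-web schemes
    }
    if ($host === null || isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;   // "http:host" forms and userinfo tricks
    }
    return in_array($host, $allowed_hosts, true) ? $location : $fallback;
}

// Constructed inputs for a quick run: php this_file.php
$allowed = ['blog.example'];                       // assumed allow-list
var_dump(unserialize_untrusted('a:1:{s:3:"key";i:42;}'));   // plain array payload
var_dump(unserialize_untrusted('O:8:"stdClass":0:{}'));     // object payload
var_dump(safe_redirect_target('/wp-admin/', $allowed, '/'));              // relative path
var_dump(safe_redirect_target('https://blog.example/p', $allowed, '/'));  // allowed host
var_dump(safe_redirect_target('//attacker.invalid/', $allowed, '/'));     // scheme-relative
var_dump(safe_redirect_target('javascript:void(0)', $allowed, '/'));      // non-web scheme
```

Two design points worth noting: `unserialize_untrusted()` returns `null` rather than `false` on rejection so that a legitimate serialized `false` stays distinguishable from a refused payload, and `safe_redirect_target()` treats "has a scheme but no host" as a rejection because browsers normalise forms such as `http:host` into an absolute URL that `parse_url()` reports differently.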