Re: WordPress 4.2.1 security update - CVE please

[Salvatore Bonaccorso <carnil () debian org>]

Hi,

On Mon, Apr 27, 2015 at 09:29:01PM +0200, Alessandro Ghedini wrote:
> On Mon, Apr 27, 2015 at 09:08:44PM +0200, Salvatore Bonaccorso wrote:
> > Hi Kurt,
> >
> > On Mon, Apr 27, 2015 at 12:47:58PM -0600, Kurt Seifried wrote:
> > > http://codex.wordpress.org/Version_4.2.1
> > >
> > > Version 4.2.1 addressed a security issue. For more information, see the
> > > release notes.
> > >
> > > From the announcement post, WordPress 4.2.1 fixes a critical cross-site
> > > scripting (XSS) vulnerability, which could enable commenters to
> > > compromise a site.
> >
> > Had requested CVEs for this in
> > http://www.openwall.com/lists/oss-security/2015/04/26/2 .
>
> Note that this and your request are about two different wordpress releases (at
> first I got confused too by the version numbers, 4.1.2 != 4.2.1).

Yes you right, sorry for the confusion (I mixed up 4.1.2 and 4.2.1).

Thanks for the correction.

Regards,
Salvatore