Re: CVEs for wordpress 3.4.2 release

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/12/2012 04:38 AM, Hanno Boeck wrote:
> I can't find CVEs assigend for the issues fixed in wordpress
> 3.4.2.
>
> http://wordpress.org/news/2012/09/wordpress-3-4-2/
>
>
> Sadly, the information is quite limited: "Version 3.4.2 also fixes
> a few security issues and contains some security hardening. The
> vulnerabilities included potential privilege escalation and a bug
> that affects multisite installs with untrusted users. These issues
> were discovered and fixed by the WordPress security team."
>
> I suggest assigning two: 1. potential privilege escalation 2.
> problem with untrusted users on multisite installations unless
> someone has more information.

Can security () wordpress org provide clarification on this please?

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQUMCFAAoJEBYNRVNeJnmTf0AQAL3RfeJSF0MmIIauk1NTXfSJ
BPILB9bQIe1EEnwbx9ArDE7uDfnTMHRkj5Bd7zXZE14y2rY/fHyOOFYCwEkIkDXj
tNID0VQAZBRceykQfRRX7ECG416xrpDOb0JAno8weQ1g3ehKiWt9t8kAle6UGgSW
TfG9XDOPNs8QPvYOxfd44yRh0/y4rPsX1ZvY7T//2x+dwp0ZF5+geCsABLiNJe9k
4sDERYZxbpvxWE0q/fa/o362v9b33XnQCKWiTTx06oKVuMlEUam8YnkNq+18Tjko
uZyOY4CRb2l0aIKlBPQ8WKjdTMD27yRKMundl3fWhbMam4zEVCUQrdtkpgvg6hBU
2aFAONJNujs97fY6dfh64QDoopCjGiEkBnqOYazX9Loq7lPexdAthIdOlolYFACD
OMyWkAKJM+fMXRmcbWeQH9PpXUPLcx2K15JVu783Rn6WOBvuilT9VLwIGsIceTYi
nmECratK9wq3di8pCX1jRcDsm+wz4DgsH5zpiite2bJVW79IRAI+ETkLC9+Un6lZ
hAclMGwQOv/gyAie/KRKSPPF1Ajan1qPDB6bAx7nppKoG5q2B4S8SwEOEwWASf/Q
Gw/X8cfzW9vW+2aSPFcAZLODT16Z1twotJGJIJOwsRqgK45CSsyROPACUKD98+Y4
jCLekjZCv/h2NBEe4+gZ
=mUIn
-----END PGP SIGNATURE-----