oss-sec mailing list archives
Re: CVEs for wordpress 3.4.2 release
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 12 Sep 2012 11:04:05 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/12/2012 04:38 AM, Hanno Boeck wrote:
I can't find CVEs assigend for the issues fixed in wordpress 3.4.2. http://wordpress.org/news/2012/09/wordpress-3-4-2/ Sadly, the information is quite limited: "Version 3.4.2 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential privilege escalation and a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team." I suggest assigning two: 1. potential privilege escalation 2. problem with untrusted users on multisite installations unless someone has more information.
Can security () wordpress org provide clarification on this please? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQUMCFAAoJEBYNRVNeJnmTf0AQAL3RfeJSF0MmIIauk1NTXfSJ BPILB9bQIe1EEnwbx9ArDE7uDfnTMHRkj5Bd7zXZE14y2rY/fHyOOFYCwEkIkDXj tNID0VQAZBRceykQfRRX7ECG416xrpDOb0JAno8weQ1g3ehKiWt9t8kAle6UGgSW TfG9XDOPNs8QPvYOxfd44yRh0/y4rPsX1ZvY7T//2x+dwp0ZF5+geCsABLiNJe9k 4sDERYZxbpvxWE0q/fa/o362v9b33XnQCKWiTTx06oKVuMlEUam8YnkNq+18Tjko uZyOY4CRb2l0aIKlBPQ8WKjdTMD27yRKMundl3fWhbMam4zEVCUQrdtkpgvg6hBU 2aFAONJNujs97fY6dfh64QDoopCjGiEkBnqOYazX9Loq7lPexdAthIdOlolYFACD OMyWkAKJM+fMXRmcbWeQH9PpXUPLcx2K15JVu783Rn6WOBvuilT9VLwIGsIceTYi nmECratK9wq3di8pCX1jRcDsm+wz4DgsH5zpiite2bJVW79IRAI+ETkLC9+Un6lZ hAclMGwQOv/gyAie/KRKSPPF1Ajan1qPDB6bAx7nppKoG5q2B4S8SwEOEwWASf/Q Gw/X8cfzW9vW+2aSPFcAZLODT16Z1twotJGJIJOwsRqgK45CSsyROPACUKD98+Y4 jCLekjZCv/h2NBEe4+gZ =mUIn -----END PGP SIGNATURE-----
Current thread:
- CVEs for wordpress 3.4.2 release Hanno Boeck (Sep 12)
- Re: CVEs for wordpress 3.4.2 release Kurt Seifried (Sep 12)
- Re: CVEs for wordpress 3.4.2 release Andrew Nacin (Sep 12)
- Re: CVEs for wordpress 3.4.2 release Kurt Seifried (Sep 13)
- Re: CVEs for wordpress 3.4.2 release Andrew Nacin (Sep 12)
- Re: CVEs for wordpress 3.4.2 release Yves-Alexis Perez (Sep 13)
- Re: CVEs for wordpress 3.4.2 release Kurt Seifried (Sep 13)
- Re: CVEs for wordpress 3.4.2 release Kurt Seifried (Sep 12)