Message-ID: <20150804123051.GA27639@lakka.kapsi.fi>
Date: Tue, 4 Aug 2015 15:30:51 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities

Can I get a CVE for multiple vulnerabilities in WordPress 4.2.3 and earlier?
Thank you.

https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/

"""
WordPress 4.2.4 is now available. This is a security release for all previous
versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting
vulnerabilities and a potential SQL injection that could be used to compromise a
site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí
of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov.
It also includes a fix for a potential timing side-channel attack, discovered by
Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post
from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security
issues.
"""

- -- 
Henri Salo
