[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] WordPress 4.2.1 security  update - CVE please
From:       Salvatore Bonaccorso <carnil () debian ! org>
Date:       2015-04-27 19:34:28
Message-ID: 20150427193428.GA14638 () eldamar ! local
[Download RAW message or body]

Hi,

On Mon, Apr 27, 2015 at 09:29:01PM +0200, Alessandro Ghedini wrote:
> On Mon, Apr 27, 2015 at 09:08:44PM +0200, Salvatore Bonaccorso wrote:
> > Hi Kurt,
> > 
> > On Mon, Apr 27, 2015 at 12:47:58PM -0600, Kurt Seifried wrote:
> > > http://codex.wordpress.org/Version_4.2.1
> > > 
> > > Version 4.2.1 addressed a security issue.	For more information, see the
> > > release notes.
> > > 
> > > From the announcement post, WordPress 4.2.1 fixes a critical cross-site
> > > scripting (XSS) vulnerability, which could enable commenters to
> > > compromise a site.
> > 
> > Had requested CVEs for this in
> > http://www.openwall.com/lists/oss-security/2015/04/26/2 .
> 
> Note that this and your request are about two different wordpress releases (at
> first I got confused too by the version numbers, 4.1.2 != 4.2.1).

Yes you right, sorry for the confusion (I mixed up 4.1.2 and 4.2.1).

Thanks for the correction.

Regards,
Salvatore
[prev in list] [next in list] [prev in thread] [next in thread]