'[oss-security] Re: CVE Requests: WordPress: 4.5.3 maintenance and security release: several issues'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE Requests: WordPress: 4.5.3 maintenance and security release: several issues
From:       cve-assign () mitre ! org
Date:       2016-06-23 18:55:12
Message-ID: 20160623185512.F3E8552E016 () smtpvbsrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://wordpress.org/news/2016/06/wordpress-4-5-3/

>  - redirect bypass in the customizer, reported by Yassine Aboukir;

Use CVE-2016-5832.


>  - XSS problem via attachment name reported by Jouko Pynnonen

Use CVE-2016-5833.


>  - XSS problem via attachment name reported by Divyesh Prajapati

Use CVE-2016-5834.


>  - revision history information disclosure, reported independently by
>    John Blackbourn from the WordPress security team and by Dan Moen from
>    the Wordfence Research Team;

Use CVE-2016-5835 (for both reports).


>  - oEmbed denial of service reported by Jennifer Dodd from Automattic;

Use CVE-2016-5836.


>  - unauthorized category removal from a post, reported by David Herrera
>    from Alley Interactive;

Use CVE-2016-5837.


>  - password change via stolen cookie, reported by Michael Adams from the
>    WordPress security team;

Use CVE-2016-5838.


>  - and some less secure sanitize_file_name edge cases reported by Peter
>    Westwood of the WordPress security team.

Use CVE-2016-5839.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXbDAaAAoJEHb/MwWLVhi2vRsP/1cTw1/gyBFvOVlNRD4gUscp
sVM6giF0Zex+dI8/mbpN+MVKaRVQyboyYkmIjsrpm8CkUZP+u04cxcoqcaoUOuSX
IFr2IciixkO5oEJo8sBQdWYrkqUkUdUDqpbaVhjWF3R1/TtkPZSuFuSxcDZjSp6k
OlRdC9kg325QJ7P6apqatAS2mnOM5N46SciRPZzuXZWBAtFlDYlBUAFmSjZri7cn
+Wv5XgLa7Tr4sgDm7SYm4J7Uq5zxm/+iFyVCbIGoTsc9/J1ueSjuqQUNxfTa9exq
d69CzHODuv97Uh1RkeaD0vWNRujH0IfiRTi4boC/6t5QyhVUwuIUcFnWt3JMEVL5
Zy72e9BrVCEnEOjmRNVHLtH1g5IE88qZmDMLlmDTS8B+9sR2YzqY4pxVvRSIWiLD
GKR7UI0FOQw7L2tMcuVdTUmjDj3szeSVdrbBNqltwFGIWOVoM4YQgMbvMOLmTPUg
1Z1WcHLBbIkUTBExOgreTynbw6qNj07Ke58FJ48HOJokDNZu1OTYS/9DipIJfeuZ
Iz6Agxrwe/56RY4Hw0v+t73QDw5NWymRcjUIH5CRXlWaF90lte1+WD+26tqdrOce
bUTZCtSVC4p4EaJMVBlTAhHakt/jLNlSGo+E/X1+dyBZIN2gJBM6WgM0SevoFzNq
wejdTa3fpDC0Nxv+829x
=QXFm
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic