Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0700 to the following vulnerability:

Name: CVE-2011-0700
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0700
Assigned: 20110131
Reference: http://openwall.com/lists/oss-security/2011/02/08/7
Reference: http://openwall.com/lists/oss-security/2011/02/09/13
Reference: http://codex.wordpress.org/Version_3.0.5
Reference: http://core.trac.wordpress.org/changeset/17397
Reference: http://core.trac.wordpress.org/changeset/17401
Reference: http://core.trac.wordpress.org/changeset/17406
Reference: http://core.trac.wordpress.org/changeset/17412
Reference: http://www.wordpress.org/news/2011/02/wordpress-3-0-5/
Reference: http://www.securityfocus.com/bid/46249

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0701 to the following vulnerability:

Name: CVE-2011-0701
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0701
Assigned: 20110131
Reference: http://openwall.com/lists/oss-security/2011/02/08/7
Reference: http://openwall.com/lists/oss-security/2011/02/09/13
Reference: http://codex.wordpress.org/Version_3.0.5
Reference: http://core.trac.wordpress.org/changeset/17393
Reference: http://www.wordpress.org/news/2011/02/wordpress-3-0-5/
Reference: http://www.securityfocus.com/bid/46249

wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.

Created wordpress-mu tracking bugs for this issue

Affects: epel-5 [bug 687910]
Affects: fedora-all [bug 687911]

Created wordpress tracking bugs for this issue

Affects: epel-all [bug 687908]
Affects: fedora-all [bug 687909]

wordpress-3.1 is now available on Fedora 13, 14, and 15 as well as EPEL5 and 6.