On Thu, Apr 05, 2018 at 09:12:45PM +1000, Craig Small wrote:
> Source: wordpress
> Version: 4.9.4-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> WordPress 4.9.5 fixes 3 security issues:
> 1) Don't treat localhost as same host by default.
> 2) Use safe redirects when redirecting the login page if SSL is forced.
> 3) Make sure the version string is correctly escaped for use in generator
> The patches are:
> 1) 42894 - https://core.trac.wordpress.org/changeset/42894
> 2) 42892 - https://core.trac.wordpress.org/changeset/42892
> 3) 42893 - https://core.trac.wordpress.org/changeset/42893
Have you requested CVEs for those three new issues?