Hi Craig, On Thu, Apr 05, 2018 at 09:12:45PM +1000, Craig Small wrote: > Source: wordpress > Version: 4.9.4-1 > Severity: grave > Tags: security upstream > Justification: user security hole > > WordPress 4.9.5 fixes 3 security issues: > 1) Don't treat localhost as same host by default. > 2) Use safe redirects when redirecting the login page if SSL is forced. > 3) Make sure the version string is correctly escaped for use in generator > tags. > > The patches are: > 1) 42894 - https://core.trac.wordpress.org/changeset/42894 > 2) 42892 - https://core.trac.wordpress.org/changeset/42892 > 3) 42893 - https://core.trac.wordpress.org/changeset/42893
Have you requested CVEs for those three new issues? Regards, Salvatore