Google Analytics by Yoast stored XSS

Posted by Jouko Pynnonen on Mar 19

*Overview*

Google Analytics by Yoast is a WordPress plug-in for monitoring website
traffic. With approximately seven million downloads it’s one of the most
popular WordPress plug-ins.

A security vulnerability in the plug-in allows an unauthenticated attacker
to store arbitrary HTML, including JavaScript, in the WordPress
administrator’s Dashboard on the target system. The JavaScript will be
triggered when an administrator views the…

Re: Regarding how can I request a CVE number?

Posted by Nick Boyce on Mar 19

Maybe you didn’t supply all the information required for a CVE to be
assigned? There are a *huge* number of potential security-related
flaws being discovered in open-source software now as various
researchers pour a lot of effort into auditing – and discussions about
these flaws frequently get bogged down in whether or not the flaw is
“by design” or “as documented” or is just crappy programming but
doesn’t actually…

Re: Regarding how can I request a CVE number?

Posted by Peter Adkins on Mar 19

I’ve encountered a similar issue earlier this year.

I’m in the same boat with regards to wondering whether there was a
problem with content / submission – despite following the supplied
guidelines – or whether the delay in response is due to workload and
prioritization.

Initially I had responses to requests for CVE assignments from Mitre
after around 12 days. However, after replying with the requested
information it went dark, and I…

cve-assign delays

Posted by Steven M. Christey on Mar 19

We recognize that some requesters have experienced delays, and
sometimes lengthy delays, in getting CVE IDs assigned. We apologize
for those delays.

The number of cve-assign requests has been growing dramatically, as
has the number of unique and new requesters. Our goal is always to
provide reasonable response times, and we were caught by the spike in
requests.

We are working to improve our responsiveness through a combination of
process…

CEBA-2015:0706 CentOS 5 mailman BugFix Update

CentOS Errata and Bugfix Advisory 2015:0706 

Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0706.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
a62a65e2d6d0afafbdc6463183a8174658ca263f5b7a435d412b74b0486ee40a  mailman-2.1.9-8.el5_11.i386.rpm

x86_64:
202273a783f9f5b7f9ff8aed079e74550513ad0892254dd212ccfc95e314a0cb  mailman-2.1.9-8.el5_11.x86_64.rpm

Source:
f50ce88349a0e67566f9c423a9999650d63e8ecc7d040f294e8134c6fead1692  mailman-2.1.9-8.el5_11.src.rpm



CEBA-2015:0704 CentOS 6 cronie FASTTRACK BugFix Update

CentOS Errata and Bugfix Advisory 2015:0704 

Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0704.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
e6192420c384f530294e4e784bff0e00adcbff2723eea54c615306c494fc7e9c  cronie-1.4.4-14.el6.i686.rpm
c5c70c19f590bb352ddd8bb4bed3d7f00fbfbd32ea14588b0a8acc9f911ac8a6  cronie-anacron-1.4.4-14.el6.i686.rpm
bf741a4729637a643b6c174fbd00eb52b047defcc06e57fbe669de82df522224  cronie-noanacron-1.4.4-14.el6.i686.rpm

x86_64:
9833a9a4e45b3e4e785eea33520ad2791588069d631d76ee9506bee94d3abc2a  cronie-1.4.4-14.el6.x86_64.rpm
f5a90e8bfcc05e7d711aeeca376e77bdf88f8f6f9e8a3170ca08ede5e970ad22  cronie-anacron-1.4.4-14.el6.x86_64.rpm
52e0b08010e362924a7d073694f165e3b0da9bbaf80b2701bababeb8db22dc29  cronie-noanacron-1.4.4-14.el6.x86_64.rpm

Source:
982a88f6f3eaeec0cda27ec869da28b6391ec95220279f9f5ca1c9dcc7ebf518  cronie-1.4.4-14.el6.src.rpm



CEBA-2015:0705 CentOS 6 ricci BugFix Update

CentOS Errata and Bugfix Advisory 2015:0705 

Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0705.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
1def90ff9c71775aa23d6268112fce4ec2df2f5279459a3d5599313b50297492  ccs-0.16.2-75.el6_6.1.i686.rpm
d6c8c7864414b96e89b876c615e764c9b96849074b13fddfab7473e4069a0bba  ricci-0.16.2-75.el6_6.1.i686.rpm

x86_64:
a4ff55c071ef8bb2c0a68f84aa80a5adc61228659cd698048ac72fcc214248b6  ccs-0.16.2-75.el6_6.1.x86_64.rpm
e69687783ed27e6fe561a0b2c6169fa2b3704f10e11a984c6426710b7150fa1b  ricci-0.16.2-75.el6_6.1.x86_64.rpm

Source:
d4e7fa17d4ec8f7909c682c3a4d80e60e4f948ee9d8f1a870802e16478c1ac34  ricci-0.16.2-75.el6_6.1.src.rpm



CEEA-2015:0703 CentOS 6 keepalived Enhancement Update

CentOS Errata and Enhancement Advisory 2015:0703 

Upstream details at: https://rhn.redhat.com/errata/RHEA-2015-0703.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
893386b534fbeda5a2f1702fab60cc087b037ece82635bb316c3e13fb5856e83  keepalived-1.2.13-5.el6_6.i686.rpm

x86_64:
6c88615dc0b9c73269b68caa66a095951a213c2e080ee21a43e8ca25c280771c  keepalived-1.2.13-5.el6_6.x86_64.rpm

Source:
0f3772f42bbc8a90d420d077c1c147ccfa04b9a302c4566be5683b6157dd4664  keepalived-1.2.13-5.el6_6.src.rpm