Launchpad CVE tracker

CVE 2012-3385

WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.

Related bugs and status

CVE-2012-3385 (Candidate) is related to these bugs:

Bug #1020452: On June 27, 2012, WordPress 3.4.1 was released to the public. This is a maintenance and security update.

Summary				In	Importance	Status
	1020452	On June 27, 2012, WordPress 3.4.1 was released to the public. This is a maintenance and security update.		wordpress (Ubuntu)	Undecided	Fix Released
	1020452	On June 27, 2012, WordPress 3.4.1 was released to the public. This is a maintenance and security update.		wordpress (Debian)	Unknown	Fix Released

Bug #1221040: Sync wordpress 3.6.1 (universe) from Debian stable-security

		In	Importance	Status
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu)	High	Fix Released
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Precise)	High	Won't Fix
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Quantal)	High	Won't Fix
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Raring)	High	Won't Fix
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Debian)	Unknown	Fix Released
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Saucy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3385

References