Candidate: CVE-2012-4421
PublicDate: 2012-09-14 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4421
 http://openwall.com/lists/oss-security/2012/09/13/4
 http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file2
 http://codex.wordpress.org/Version_3.4.2
Description:
 The create_post function in wp-includes/class-wp-atom-server.php in
 WordPress before 3.4.2 does not perform a capability check, which allows
 remote authenticated users to bypass intended access restrictions and
 publish new posts by leveraging the Contributor role and using the Atom
 Publishing Protocol (aka AtomPub) feature.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_wordpress:
upstream_wordpress: released (3.4.2+dfsg-1)
hardy_wordpress: ignored (reached end-of-life)
lucid_wordpress: ignored (reached end-of-life)
natty_wordpress: ignored (reached end-of-life)
oneiric_wordpress: ignored (reached end-of-life)
precise_wordpress: ignored (reached end-of-life)
precise/esm_wordpress: DNE (precise was needs-triage)
quantal_wordpress: not-affected (3.4.2+dfsg-1)
raring_wordpress: not-affected (3.4.2+dfsg-1)
saucy_wordpress: not-affected (3.4.2+dfsg-1)
trusty_wordpress: not-affected (3.4.2+dfsg-1)
trusty/esm_wordpress: DNE (trusty was not-affected [3.4.2+dfsg-1])
utopic_wordpress: not-affected (3.4.2+dfsg-1)
vivid_wordpress: not-affected (3.4.2+dfsg-1)
vivid/stable-phone-overlay_wordpress: DNE
vivid/ubuntu-core_wordpress: DNE
wily_wordpress: not-affected (3.4.2+dfsg-1)
xenial_wordpress: not-affected (3.4.2+dfsg-1)
yakkety_wordpress: not-affected (3.4.2+dfsg-1)
zesty_wordpress: not-affected (3.4.2+dfsg-1)
devel_wordpress: not-affected (3.4.2+dfsg-1)