CVE-2012-3385 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3385): WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors. CVE-2012-3384 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3384): Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. CVE-2012-3383 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3383): WordPress 3.4.0 does not properly restrict access to unfiltered_html when multisite is enabled, which allows remote administrators or editors to perform cross-site scripting (XSS) attacks. WordPress 3.3.3 was also released [1] to fix some of these issues in the 3.3 branch. [1] http://codex.wordpress.org/Version_3.3.3
=www-apps/wordpress-3.4.1 is in the tree, thanks. Closing noglsa for ~arch only.