WordPress before 3.4.1 does not properly restrict access to post contents
such as private or draft posts, which allows remote authors or contributors
to obtain sensitive information via unknown vectors.
Cross-site request forgery (CSRF) vulnerability in the customizer in
WordPress before 3.4.1 allows remote attackers to hijack the authentication
of unspecified victims via unknown vectors.
WordPress 3.4.0 does not properly restrict access to unfiltered_html when
multisite is enabled, which allows remote administrators or editors to
perform cross-site scripting (XSS) attacks.
WordPress 3.3.3 was also released  to fix some of these issues in the 3.3 branch.
=www-apps/wordpress-3.4.1 is in the tree, thanks. Closing noglsa for ~arch only.