Re: jessie-backport of WordPress for DSA 3997-1?
On Tue, Nov 28, 2017 at 01:13:07PM +0000, Dominic Hargreaves wrote:
> On Sun, Nov 12, 2017 at 03:01:04PM +0000, Rodrigo Campos wrote:
> >
> > Sorry to bother again, but is there something I'm missing?
> >
> > AFAIK, this wasn't uploaded to jessie backports nor the new security issue was
> > fixed in stable (so I didn't create a new jessie backport, as I need to backport
> > from stable).
>
> It does appear that stable is still vulnerable to
> <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880528>.
> So it seems that work is needed there. It would be good to get an update
> from Craig about the status of this but let's carry that on on the bug
> report.
Cool
>
> > One option I didn't check is that this new security doesn't affect stable. But
> > even in that case, the package currently on jessie backports is not the last one
> > I backported (see https://backports.debian.org/changes/jessie-backports.html)
> > and Dominic tested.
>
> I think the reason for the previously upload going missing might have
> been that you set the distribution to stretch-backports rather than
> jessie-backports. I've now uploaded the version I tested with only that
Ohh :(
Sorry, I'll re-check my script to do it. It's a shame it didn't fail more
clearly.
> change to jessie-backports, in the absence from further feedback from
> Craig.
Thanks a lot! And sorry again
Reply to: