#862816 and CVE-2017-9066
Hi Craig
I can see the following comments from you:
+ * Backport patches from 4.7.5 Closes: #862816
+ CVEs to be added once issued
+ - CVE-2017-XXX
+ Insufficient redirect validation in the HTTP class.
+ (may not be vulnerable, no patch found)
The patch is available here:
https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
Do this mean that the package is vulnerable?
Wheezy is clearly vulnerable at least.
Best regards
// Ola
--
--- Inguza Technology AB --- MSc in Information Technology ----
/ ola@inguza.com Folkebogatan 26 \
| opal@debian.org 654 68 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
Reply to: