[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Accepted wordpress 4.5.2+dfsg-1~bpo8+1 (source all) into jessie-backports

The changelog for 4.5.2+dfsg-1 mentions it fixes a XSS attack, 4.5.2+dfsg-1~bpo8-1 is the backport of that same package. Is that enough, or you want the bpo change to mention its a security release?

On Sun, May 8, 2016 at 3:13 PM Alexander Wirt <formorer@formorer.de> wrote:
On Sun, 08 May 2016, Rodrigo Campos wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Sat, 07 May 2016 14:42:17 -0300
> Source: wordpress
> Binary: wordpress wordpress-l10n wordpress-theme-twentysixteen wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen
> Architecture: source all
> Version: 4.5.2+dfsg-1~bpo8+1
wordpress  | 4.5+dfsg-1           | testing                 | source, all

This version is not in testing. If it contains security fixes (what is what I expect
for wordpress) please mention it in the changelog.

We (ftpmasters) should make this mandatory now that the requirement for
including changes is gone.

Alex


--
Craig Small (@smallsees)   http://enc.com.au/       csmall at : enc.com.au
Debian GNU/Linux           http://www.debian.org/   csmall at : debian.org
GPG fingerprint:        5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5
Reply to: