Re: [BSA-114] Security update for wordpress

To: deb@hasig.de
Cc: Rodrigo Campos <rodrigo@sdfg.com.ar>, Michael Howe <michael@michaelhowe.org>, Craig Small <csmall@debian.org>, debian-backports@lists.debian.org
Subject: Re: [BSA-114] Security update for wordpress
From: Jan Ingvoldstad <frettled@gmail.com>
Date: Tue, 7 Feb 2017 08:42:02 +0100
Message-id: <[🔎] CAEffzkxjsh3yXKqpXi8iYDQGcN9YefGAxUGK6nrffXz7d-PrAw@mail.gmail.com>
In-reply-to: <[🔎] fc614674-c137-fbb0-f3ac-d999ba612e4b@hasig.de>
References: <20170123073904.smt5him4toexhfzg@enc.com.au> <20170130150009.GW10047@michaelhowe.org> <[🔎] 20170207005530.GF2477@sdfg.com.ar> <[🔎] fc614674-c137-fbb0-f3ac-d999ba612e4b@hasig.de>

On Tue, Feb 7, 2017 at 4:24 AM, <deb@hasig.de> wrote:

hi,
isnt 4.7.1 highliy hackable?

Correct, this is due to a feature introduced in 4.7.

If 4.7.2 cannot be pushed out, the most recent 4.6 with the most recent security patches should.

4.7 or 4.7.1 *must be avoided* as they introduce a very bad remote command execution vulnerability.

https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/

--

Jan

Reply to:

References:
- Re: [BSA-114] Security update for wordpress
  - From: Rodrigo Campos <rodrigo@sdfg.com.ar>
- Re: [BSA-114] Security update for wordpress
  - From: deb@hasig.de

Prev by Date: Re: [BSA-114] Security update for wordpress
Next by Date: Re: Broken (jessie) backports
Previous by thread: Re: [BSA-114] Security update for wordpress
Next by thread: Re: [BSA-114] Security update for wordpress
Index(es):
- Date
- Thread