Re: jessie-backport of WordPress for DSA 3997-1?
On Sun, Nov 12, 2017 at 03:01:04PM +0000, Rodrigo Campos wrote:
> On Tue, Oct 31, 2017 at 03:16:59PM +0000, Rodrigo Campos wrote:
> > On Mon, Oct 30, 2017 at 03:46:10PM +0000, Rodrigo Campos wrote:
> > > On Mon, Oct 30, 2017 at 03:12:39PM +0000, Dominic Hargreaves wrote:
> > > > On Sun, Oct 29, 2017 at 11:35:38PM +0000, Rodrigo Campos wrote:
> > > > >
> > > > > Thanks again! This should on jessie backports now =)
> > > >
> > > > Curious, it doesn't show up on
> > >
> > > Oops. Craig, do you happen to know why this upload is taking so long? Or do you
> > > know who to ask?
> > >
> > > There are several security fixes, and they have been released for several days
> > > now :-/
> > A new wordpress security release is out there, if it affects stable (haven't
> > checked yet), will backport as soon as stable is fixed.
> Sorry to bother again, but is there something I'm missing?
> AFAIK, this wasn't uploaded to jessie backports nor the new security issue was
> fixed in stable (so I didn't create a new jessie backport, as I need to backport
> from stable).
It does appear that stable is still vulnerable to
So it seems that work is needed there. It would be good to get an update
from Craig about the status of this but let's carry that on on the bug
> One option I didn't check is that this new security doesn't affect stable. But
> even in that case, the package currently on jessie backports is not the last one
> I backported (see https://backports.debian.org/changes/jessie-backports.html)
> and Dominic tested.
I think the reason for the previously upload going missing might have
been that you set the distribution to stretch-backports rather than
jessie-backports. I've now uploaded the version I tested with only that
change to jessie-backports, in the absence from further feedback from