Re: jessie-backport of WordPress for DSA 3997-1?
On Sun, Nov 12, 2017 at 03:01:04PM +0000, Rodrigo Campos wrote:
> On Tue, Oct 31, 2017 at 03:16:59PM +0000, Rodrigo Campos wrote:
> > On Mon, Oct 30, 2017 at 03:46:10PM +0000, Rodrigo Campos wrote:
> > > On Mon, Oct 30, 2017 at 03:12:39PM +0000, Dominic Hargreaves wrote:
> > > > On Sun, Oct 29, 2017 at 11:35:38PM +0000, Rodrigo Campos wrote:
> > > > >
> > > > > Thanks again! This should on jessie backports now =)
> > > >
> > > > Curious, it doesn't show up on
> > >
> > > Oops. Craig, do you happen to know why this upload is taking so long? Or do you
> > > know who to ask?
> > >
> > > There are several security fixes, and they have been released for several days
> > > now :-/
> >
> > A new wordpress security release is out there, if it affects stable (haven't
> > checked yet), will backport as soon as stable is fixed.
>
> Sorry to bother again, but is there something I'm missing?
>
> AFAIK, this wasn't uploaded to jessie backports nor the new security issue was
> fixed in stable (so I didn't create a new jessie backport, as I need to backport
> from stable).
It does appear that stable is still vulnerable to
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880528>.
So it seems that work is needed there. It would be good to get an update
from Craig about the status of this but let's carry that on on the bug
report.
> One option I didn't check is that this new security doesn't affect stable. But
> even in that case, the package currently on jessie backports is not the last one
> I backported (see https://backports.debian.org/changes/jessie-backports.html)
> and Dominic tested.
I think the reason for the previously upload going missing might have
been that you set the distribution to stretch-backports rather than
jessie-backports. I've now uploaded the version I tested with only that
change to jessie-backports, in the absence from further feedback from
Craig.
Dominic.
Reply to: