[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: squeeze update of wordpress?


On Wed, 12 Aug 2015, Guido Günther wrote:
> > I suspect that Craig will suggest tracking the version in Wheezy for
> > simplicity's sake, as the internal changes since 3.6 may be too much to
> > easily backport security updates for.
> Yeah, there are several other CVEs affecting wordpress (also in squeeze)
> currently. I see two possible solutions: marking wordpress as
> end-of-life or piggy backing on another version since backporting will
> become really time consuming. In contrast to other things like openssl,
> ruby, nss this is rather a leave package that has little
> potential of breaking other things we ship.

Definitely, we have imported newer upstream releases multiple times in the
past to fix security issues and we can/should continue doing this (I was a
former maintainer of the package).

I would suggest backporting the package that Craig has been uploading
to newer releases.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Reply to: