Re: squeeze update of wordpress?
Hi,
On Wed, 12 Aug 2015, Guido Günther wrote:
> > I suspect that Craig will suggest tracking the version in Wheezy for
> > simplicity's sake, as the internal changes since 3.6 may be too much to
> > easily backport security updates for.
>
> Yeah, there are several other CVEs affecting wordpress (also in squeeze)
> currently. I see two possible solutions: marking wordpress as
> end-of-life or piggy backing on another version since backporting will
> become really time consuming. In contrast to other things like openssl,
> ruby, nss this is rather a leave package that has little
> potential of breaking other things we ship.
Definitely, we have imported newer upstream releases multiple times in the
past to fix security issues and we can/should continue doing this (I was a
former maintainer of the package).
I would suggest backporting the package that Craig has been uploading
to newer releases.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Reply to: