[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: squeeze update of wordpress?

On Fri, Aug 14, 2015 at 10:11:19PM +0200, Guido Günther wrote:
> Yeah, we were just discussing on the list if it wouldn't be better to
> update wordpress to a more recent version in Squeeze to get a hold of
> all the CVEs currently affecting wordpress?
Ideally I'd only be running with 4.2.x in sid/stretch and 4.1.x in the
rest.  I don't think that can happen as wheezy is 3.6.1 I don't think
it would make sense to have 4.1.x in squeeze-lts and 3.6.1 in wheezy.

> Are you planning to introduce a new upstream version or to backport the
> fixes? Squeeze is currently in sync with Wheezy, we could try to keep it
> like that. Do you have plans for Wheezy yet?
Wheezy has pending patches for 3.6.1 waiting for security OK. My plan
was to just copy those patches down to squeeze as its the same base
wordpress they should be ok.

Other than running php lint, testing it will be tricky.
 - Craig

Craig Small (@smallsees)   http://enc.com.au/       csmall at : enc.com.au
Debian GNU/Linux           http://www.debian.org/   csmall at : debian.org
GPG fingerprint:        5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5

Reply to: