Re: Security update of Wordpress

To: Markus Koschany <apo@debian.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: Security update of Wordpress
From: Craig Small <csmall@debian.org>
Date: Sun, 31 Jul 2016 12:07:52 +0000
Message-id: <[🔎] CALy8Cw55K5VX6yJiGJD1ffzCQ8zg21u2R+2XD4-uJJtGtp1iTg@mail.gmail.com>
In-reply-to: <[🔎] 161e564a-9583-bb17-f975-8a53dfcabf42@debian.org>
References: <[🔎] 161e564a-9583-bb17-f975-8a53dfcabf42@debian.org>

I had a similar query from the security team. I think you are looking for changeset 37798.

I got a security update but waiting on the team.

I cannot see why 4.1.12 doesn't have this.

https://core.trac.wordpress.org/changeset/37798

- Craig

On Tue, Jul 26, 2016 at 4:42 PM Markus Koschany <apo@debian.org> wrote:

Hi Craig,

I have prepared a security update for Wordpress in Wheezy and pushed my
work to

https://anonscm.debian.org/cgit/collab-maint/wordpress.git/commit/?h=wheezy&id=d1f7bfa1d5109509bb4ab7ab23d0e7e7dc8736cc

I intend to release it soon but I haven't found the changeset / fix for
CVE-2016-5836 yet. Do you have any idea where can I find more
information about that? Your update for Jessie doesn't seem to include
it. I looked at the diff between 4.5.2 and 4.5.3 and could find some
changes regarding oEmbed but I would appreciate another confirmation.

Regards,

Markus

Reply to:

Follow-Ups:
- Re: Security update of Wordpress
  - From: Markus Koschany <apo@debian.org>

References:
- Security update of Wordpress
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Re: Security update of openssh for wheezy
Next by Date: Icedtea plugin
Previous by thread: Security update of Wordpress
Next by thread: Re: Security update of Wordpress
Index(es):
- Date
- Thread