On 31.07.2016 14:07, Craig Small wrote: > I had a similar query from the security team. I think you are looking > for changeset 37798. > I got a security update but waiting on the team. > > I cannot see why 4.1.12 doesn't have this. > > https://core.trac.wordpress.org/changeset/37798 > > - Craig Thank you for the confirmation. I also thought that changeset/37798 would be the most likely fix for this issue. I wasn't sure because you marked CVE-2016-5836 as fixed in your Jessie update but I couldn't find anything related to oEmbed. I also tried to fix CVE-2015-8834 for Wheezy by backporting changeset/32387 but the database upgrade failed, at least I could not log back into the admin backend again. Did you notice a similar issue for Jessie? Regards, Markus
Attachment:
signature.asc
Description: OpenPGP digital signature