[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security update of Wordpress

On 16.08.2016 10:22, Brian May wrote:
> Markus Koschany <apo@debian.org> writes:
>> I also tried to fix CVE-2015-8834 for Wheezy by backporting
>> changeset/32387 but the database upgrade failed, at least I could not
>> log back into the admin backend again. Did you notice a similar issue
>> for Jessie?
> I just had a look at this issue. Not sure I understand why the database
> upgrade failed, however I think I see bigger problem.
> Any comments?

Hi Brian,

I had pushed my proposed patch for CVE-2015-8834 to the wheezy branch in
the Wordpress Git repository. Maybe you can use it as a starting point.


As far as I understood the patch the upgrade should have been triggered
in any case because the db_version is still < 30135 in Wheezy

if ( $wp_current_db_version < 30135 )

My update was based on upstream's 4.1 branch. To me it didn't look like
that we needed a backport of intermediate database upgrades, but I might
be wrong. At least I only got a blank screen when I tried to log into
the admin backend. I hope you can spot the mistake.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: