On 16.08.2016 10:22, Brian May wrote: > Markus Koschany <apo@debian.org> writes: > >> I also tried to fix CVE-2015-8834 for Wheezy by backporting >> changeset/32387 but the database upgrade failed, at least I could not >> log back into the admin backend again. Did you notice a similar issue >> for Jessie? > > I just had a look at this issue. Not sure I understand why the database > upgrade failed, however I think I see bigger problem. [...] > Any comments? Hi Brian, I had pushed my proposed patch for CVE-2015-8834 to the wheezy branch in the Wordpress Git repository. Maybe you can use it as a starting point. https://anonscm.debian.org/cgit/collab-maint/wordpress.git/tree/debian/patches/cs32387_mysql_char_encode.patch?h=wheezy&id=d1f7bfa1d5109509bb4ab7ab23d0e7e7dc8736cc As far as I understood the patch the upgrade should have been triggered in any case because the db_version is still < 30135 in Wheezy if ( $wp_current_db_version < 30135 ) upgrade_415(); My update was based on upstream's 4.1 branch. To me it didn't look like that we needed a backport of intermediate database upgrades, but I might be wrong. At least I only got a blank screen when I tried to log into the admin backend. I hope you can spot the mistake. Regards, Markus
Attachment:
signature.asc
Description: OpenPGP digital signature