Wordpress security update

To: Craig Small <csmall@debian.org>, "team@security.debian.org" <team@security.debian.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Wordpress security update
From: Markus Koschany <apo@debian.org>
Date: Tue, 14 Mar 2017 09:56:48 +0100
Message-id: <[🔎] 891b9ba5-f8b3-d01f-67db-18ea42830bd0@debian.org>

Hello Craig, hello security team

I am currently working on a security update of Wordpress for Wheezy.
Craig I noticed your Git commit for Jessie [1]. You fixed CVE-2017-6816
(cs40176_plugin_delete) although the security team marked this one as
<not-affected> for both Wheezy and Jessie. However I tend to agree with
you that they are affected.

@security team: Why did you choose to mark CVE-2017-6816 as not affected?

@Craig: How did you get the information about affected versions in your
initial bug report which might explain this decision? [2]

Regards,

Markus


[1]
https://anonscm.debian.org/git/collab-maint/wordpress.git/commit/?h=jessie&id=825b4377310c6b64ffc9707def7393cbbebcb8eb

[2] https://bugs.debian.org/857026

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Wordpress security update
  - From: Craig Small <csmall@debian.org>

Prev by Date: Wheezy update of audiofile?
Next by Date: Re: Wordpress security update
Previous by thread: Re: Wheezy update of audiofile?
Next by thread: Re: Wordpress security update
Index(es):
- Date
- Thread