Hello Craig, hello security team I am currently working on a security update of Wordpress for Wheezy. Craig I noticed your Git commit for Jessie [1]. You fixed CVE-2017-6816 (cs40176_plugin_delete) although the security team marked this one as <not-affected> for both Wheezy and Jessie. However I tend to agree with you that they are affected. @security team: Why did you choose to mark CVE-2017-6816 as not affected? @Craig: How did you get the information about affected versions in your initial bug report which might explain this decision? [2] Regards, Markus [1] https://anonscm.debian.org/git/collab-maint/wordpress.git/commit/?h=jessie&id=825b4377310c6b64ffc9707def7393cbbebcb8eb [2] https://bugs.debian.org/857026
Attachment:
signature.asc
Description: OpenPGP digital signature