Re: Wordpress security update

To: Markus Koschany <apo@debian.org>
Cc: Craig Small <csmall@debian.org>, "team@security.debian.org" <team@security.debian.org>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: Wordpress security update
From: Sébastien Delafond <seb@debian.org>
Date: Tue, 14 Mar 2017 10:48:39 +0100
Message-id: <[🔎] 20170314094839.GE30529@centurion.befour.org>
In-reply-to: <[🔎] 0623d9c1-21aa-2709-354d-4f622d94812a@debian.org>
References: <[🔎] 891b9ba5-f8b3-d01f-67db-18ea42830bd0@debian.org> <[🔎] CALy8Cw5qzTSFDzWR8TTDYzca+Ahw+uQFoN=XQJT8ecjO92vK3w@mail.gmail.com> <[🔎] 0623d9c1-21aa-2709-354d-4f622d94812a@debian.org>

On Mar/14, Markus Koschany wrote:
> > So my whole rationale for adding this one in and going against what
> > WPScan said is purely 40176 is in the 4.1 branch of the upstreams
> > svn.  Looking at the relevant file it does look like it does things
> > and not dead or unreachable code, so I think 4.1 is vulnerable, but
> > PHP code is horrible to debug for that sort of thing.
> 
> Thanks for the explanation. That makes sense.

I've updated the tracker accordingly.

Cheers,

--Seb

Reply to:

References:
- Wordpress security update
  - From: Markus Koschany <apo@debian.org>
- Re: Wordpress security update
  - From: Craig Small <csmall@debian.org>
- Re: Wordpress security update
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Re: Wordpress security update
Next by Date: Re: Wheezy update of r-base?
Previous by thread: Re: Wordpress security update
Next by thread: Re: Wordpress security update
Index(es):
- Date
- Thread